Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9905 | 1 Alinto | 1 Sogo | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.
|
|||||
| CVE-2016-8232 | 1 Ibm | 3 Advanced Management Module, Advanced Management Module Firmware, Bladecenter | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.
|
|||||
| CVE-2017-11441 | 1 Cpanel | 1 Whm | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.
|
|||||
| CVE-2016-5899 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2017-5960 | 1 Phalconeye Project | 1 Phalconeye | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-12349 | 1 Cisco | 1 Unified Computing System Central Software | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.
|
|||||
| CVE-2017-6820 | 1 Roundcube | 1 Webmail | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
|
|||||
| CVE-2017-14714 | 1 Telaxius | 1 Epesi | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.
|
|||||
| CVE-2017-14618 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
|
|||||
| CVE-2017-15188 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php.
|
|||||
| CVE-2017-8103 | 1 Mybb | 1 Mybb | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
|
|||||
| CVE-2017-11194 | 1 Pulsesecure | 1 Pulse Connect Secure | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc.
|
|||||
| CVE-2016-5077 | 1 Netikus | 1 Eventsentry | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Netikus EventSentry before 3.2.1.44 has XSS via SNMP.
|
|||||
| CVE-2016-9470 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 9.3 HIGH | 9.0 CRITICAL |
|
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.
|
|||||
| CVE-2017-17780 | 1 Mediaburst | 8 Booking Calendar Sms, Clockwork Sms Notfications, Contact Form 7 Sms and 5 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork ...
Show More |
|||||
| CVE-2017-4940 | 1 Vmware | 1 Esxi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.
|
|||||
| CVE-2015-3161 | 1 Beaker-project | 1 Beaker | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON.
|
|||||
| CVE-2016-7469 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.
|
|||||
| CVE-2016-1000220 | 1 Elastic | 1 Kibana | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
|
|||||
| CVE-2017-14268 | 1 Ee | 2 4gee Wifi Mbb, 4gee Wifi Mbb Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request.
|
|||||
| CVE-2017-7579 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
|
|||||
| CVE-2017-12680 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
|
|||||
| CVE-2017-14363 | 1 Microfocus | 1 Operations Manager I | 2025-04-20 | 3.5 LOW | 5.9 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).
|
|||||
| CVE-2017-17825 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
|
|||||
| CVE-2016-5075 | 1 Cloudviewnms | 1 Cloudview Nms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
CloudView NMS before 2.10a has XSS via a TELNET login.
|
|||||
| CVE-2017-14922 | 1 Tine20 | 1 Tine 2.0 | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
|
|||||
| CVE-2017-1133 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
|
|||||
| CVE-2017-1278 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756.
|
|||||
| CVE-2017-16765 | 1 Dlink | 2 Dwr-933, Dwr-933 Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.
|
|||||
| CVE-2017-6485 | 1 Php-calendar | 1 Php-calendar | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-6539 | 1 Webpagetest Project | 1 Webpagetest | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/delta.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-6538 | 1 Webpagetest Project | 1 Webpagetest | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (video) passed to the webpagetest-master/www/speedindex/index.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2016-9466 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.
|
|||||
| CVE-2017-9813 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
|
|||||
| CVE-2016-9696 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960.
|
|||||
| CVE-2017-16836 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
|
|||||
| CVE-2015-7980 | 1 Compass Rose Project | 1 Compass Rose | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."
|
|||||
| CVE-2017-8839 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
|
|||||
| CVE-2017-15039 | 1 Zurmo | 1 Zurmo Crm | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
|
|||||
| CVE-2016-6846 | 1 Open-xchange | 4 Documentconverter-api, Office Web, Open-xchange Appsuite Backend and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML.
|
|||||