Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2017-16884 | 1 Mistserver | 1 Mistserver | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. |
| CVE-2017-17775 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. |
| CVE-2017-6555 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). |
| CVE-2017-12298 | 1 Cisco | 1 Webex Meeting Center | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful ... |
| CVE-2015-5594 | 1 Zenphoto | 1 Zenphoto | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string. |
| CVE-2017-1000065 | 1 Openmediavault | 1 Openmediavault | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser. |
| CVE-2017-0893 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers. |
| CVE-2017-2337 | 1 Juniper | 1 Screenos | 2025-04-20 | 3.5 LOW | 8.4 HIGH | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Junip ... |
| CVE-2016-1214 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. |
| CVE-2017-6029 | 1 Certec Edv Gmbh | 1 Atvise Scada | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. |
| CVE-2016-4847 | 1 Ossec | 1 Web Ui | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. |
| CVE-2017-14621 | 1 Suse | 1 Portus | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | Portus 2.2.0 has XSS via the Team field, related to typeahead. |
| CVE-2017-17995 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. |
| CVE-2017-6484 | 1 Inter-mediator | 1 Inter-mediator | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the "INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| CVE-2017-6958 | 1 Mantisbt | 1 Source Integration | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter. |
| CVE-2016-6037 | 1 Ibm | 2 Rational Quality Manager, Rational Team Concert | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM | IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918. |
| CVE-2017-7591 | 1 Openidm Project | 1 Openidm | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. |
| CVE-2017-12906 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. |
| CVE-2017-9621 | 1 Epesi | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter. |
| CVE-2017-14415 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. |
| CVE-2016-9371 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series v ... |
| CVE-2017-12344 | 1 Cisco | 1 Data Center Network Manager | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. |
| CVE-2017-9523 | 1 Sophos | 1 Web Appliance | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. |
| CVE-2017-6654 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interfac ... |
| CVE-2017-1305 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459. |
| CVE-2017-17869 | 1 Mgl-instagram-gallery Project | 1 Mgl-instagram-gallery | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. |
| CVE-2017-9451 | 1 Flatcore | 1 Flatcore | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. |
| CVE-2017-7735 | 1 Fortinet | 1 Fortios | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. |
| CVE-2017-8439 | 1 Elastic | 1 Kibana | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. |
| CVE-2017-14354 | 1 Hp | 1 Ucmdb Foundation Software | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting. |
| CVE-2016-4866 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. |
| CVE-2016-3411 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609. |
| CVE-2016-9408 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users. |
| CVE-2017-6734 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800). |
| CVE-2015-9057 | 1 Proxmox | 1 Proxmox Mail Gateway | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. |
| CVE-2017-16880 | 1 Whoops Project | 1 Whoops | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS. |
| CVE-2016-1566 | 1 Apache | 1 Guacamole | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed. |
| CVE-2017-15727 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. |
| CVE-2017-1168 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM | IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187. |
| CVE-2017-7590 | 1 Openidm Project | 1 Openidm | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. |