Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14588 | 1 Atlassian | 2 Crucible, Fisheye | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
|
|||||
| CVE-2017-14620 | 1 Smartertools | 1 Smarterstats | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
|
|||||
| CVE-2017-12296 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successf ...
Show More |
|||||
| CVE-2016-8950 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837.
|
|||||
| CVE-2017-17778 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.
|
|||||
| CVE-2017-7109 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy.
|
|||||
| CVE-2017-5542 | 1 Getsymphony | 1 Symphony | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.
|
|||||
| CVE-2017-12655 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.
|
|||||
| CVE-2017-1359 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126686.
|
|||||
| CVE-2015-1177 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
|
|||||
| CVE-2017-12978 | 1 Cacti | 1 Cacti | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
|
|||||
| CVE-2016-3408 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813.
|
|||||
| CVE-2017-7276 | 1 Topdesk | 1 Topdesk | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019.
|
|||||
| CVE-2016-7808 | 1 Corega | 4 Cg-wlbaragm Firmware, Cg-wlbargmh, Cg-wlbargnl and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-17719 | 1 Olyos | 1 Wp-concours | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php.
|
|||||
| CVE-2015-3257 | 1 Zend | 1 Diactoros | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.
|
|||||
| CVE-2017-16819 | 1 Icontime | 2 Rtc-1000, Rtc-1000 Firmware | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.
|
|||||
| CVE-2017-9085 | 1 Kodak | 1 Insite | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp.
|
|||||
| CVE-2016-4858 | 1 Splunk | 1 Splunk | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-5631 | 1 Kmc Information Systems | 1 Caseaware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.
|
|||||
| CVE-2017-1000023 | 1 Logicaldoc | 1 Logicaldoc | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document.
|
|||||
| CVE-2017-1650 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133260.
|
|||||
| CVE-2017-9361 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
|
|||||
| CVE-2017-7855 | 1 Icewarp | 1 Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
|
|||||
| CVE-2016-2803 | 1 Mozilla | 1 Bugzilla | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.
|
|||||
| CVE-2017-8125 | 1 Huawei | 1 Uma | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.
|
|||||
| CVE-2017-5085 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark.
|
|||||
| CVE-2016-6334 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.
|
|||||
| CVE-2017-11820 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777.
|
|||||
| CVE-2014-8753 | 1 Cit-e-net | 1 Cit-e-access | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6.
|
|||||
| CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
|
|||||
| CVE-2017-3802 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8).
|
|||||
| CVE-2016-7139 | 1 Plone | 1 Plone | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2017-12813 | 1 Stivasoft | 1 Phpjabbers File Sharing Script | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.
|
|||||
| CVE-2017-1000193 | 1 Octobercms | 1 October | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.
|
|||||
| CVE-2017-1446 | 1 Ibm | 1 Emptoris Spend Analysis | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171.
|
|||||
| CVE-2017-7256 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.
|
|||||
| CVE-2017-10795 | 1 Intelliants | 1 Subrion | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069.
|
|||||
| CVE-2017-15279 | 1 Umbraco | 1 Umbraco Cms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
|
|||||
| CVE-2016-4906 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
|
|||||