Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-5145 | 1 Zope | 1 Zope | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. | | | | | |
| CVE-2017-5241 | 1 Biscom | 1 Secure File Transfer | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Biscom Secure File Transfer versions 5.0.0.0 through 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025. | | | | | |
| CVE-2017-11593 | 1 Ooso | 1 Markdown Preview Plus | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization. | | | | | |
| CVE-2017-17828 | 1 Doditsolutions | 1 Busbooking-script | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter. | | | | | |
| CVE-2017-6390 | 1 Soruly | 1 Whatanime.ga | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | | | | | |
| CVE-2017-7247 | 1 Gazelle Project | 1 Gazelle | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazelle-master/sections/tools/managers/multiple_freeleech.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | | | | | |
| CVE-2016-5884 | 1 Ibm | 2 Domino, Inotes | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | | | | | |
| CVE-2017-1002011 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: there is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description, where anyone with privileges to modify or add galleries/images can inject JavaScript into the database. | | | | | |
| CVE-2014-3531 | 1 Theforeman | 1 Foreman | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description. | | | | | |
| CVE-2017-1457 | 1 Ibm | 1 Qradar Network Security | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376. | | | | | |
| CVE-2017-8896 | 1 Owncloud | 1 Owncloud | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in URL parameters. | | | | | |
| CVE-2016-5980 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | | | | | |
| CVE-2017-14755 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId. | | | | | |
| CVE-2017-17383 | 1 Jenkins | 1 Jenkins | 2025-04-20 | 3.5 LOW | 4.7 MEDIUM |
| Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. | | | | | |
| CVE-2017-13994 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link. | | | | | |
| CVE-2017-11460 | 1 Sap | 1 Netweaver Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535. | | | | | |
| CVE-2017-2969 | 1 Adobe | 1 Campaign | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability. | | | | | |
| CVE-2017-1494 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692. | | | | | |
| CVE-2016-4068 | 2 Opensuse, Roundcube | 4 Leap, Opensuse, Roundcube Webmail and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864. | | | | | |
| CVE-2017-7257 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must log in to conduct the attack. | | | | | |
| CVE-2017-7388 | 1 Wallaceit | 1 Wallacepos | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | | | | | |
| CVE-2017-11458 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. | | | | | |
| CVE-2017-3948 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session. | | | | | |
| CVE-2017-11128 | 1 Boltcms | 1 Bolt | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. | | | | | |
| CVE-2017-15571 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. | | | | | |
| CVE-2017-1429 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127587. | | | | | |
| CVE-2017-1160 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892. | | | | | |
| CVE-2015-7878 | 1 Taxonomy Find Project | 1 Taxonomy Find | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. | | | | | |
| CVE-2016-10516 | 1 Palletsprojects | 1 Werkzeug | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message. | | | | | |
| CVE-2017-15215 | 1 Shaarli Project | 1 Shaarli | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users. | | | | | |
| CVE-2017-14516 | 1 Sap | 1 Businessobjects Financial Consolidation | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | | | | | |
| CVE-2017-11355 | 1 Pega | 1 Pega Platform | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page. | | | | | |
| CVE-2017-14371 | 1 Rsa | 1 Archer Grc Platform | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | | | | | |
| CVE-2017-5007 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | | | | | |
| CVE-2017-6797 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. | | | | | |
| CVE-2017-1324 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975. | | | | | |
| CVE-2017-6003 | 1 Dotcms | 1 Dotcms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | | | | | |
| CVE-2013-7430 | 1 Mapsplugin | 1 Googlemaps | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter. | | | | | |
| CVE-2017-9623 | 1 Epesi | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. | | | | | |
| CVE-2016-5226 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. | | | | | |