Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16856 | 1 Atlassian | 1 Confluence | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme.
|
|||||
| CVE-2017-1000058 | 1 Chevereto | 1 Chevereto | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser.
|
|||||
| CVE-2016-2979 | 1 Ibm | 1 Sametime | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945.
|
|||||
| CVE-2017-15305 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.
|
|||||
| CVE-2017-3845 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc77783. Known Af ...
Show More |
|||||
| CVE-2017-16681 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
|
|||||
| CVE-2017-17826 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration§ion=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
|
|||||
| CVE-2017-15878 | 1 Keystonejs | 1 Keystone | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.
|
|||||
| CVE-2017-12321 | 1 Cisco | 1 Registered Envelope Service | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a mali ...
Show More |
|||||
| CVE-2017-9816 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-17993 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.
|
|||||
| CVE-2017-5191 | 1 Netiq | 1 Access Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
|
|||||
| CVE-2017-2092 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-8934 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2016-3048 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711.
|
|||||
| CVE-2017-7626 | 1 Smart Related Articles Project | 1 Smart Related Articles | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
|
|||||
| CVE-2016-7509 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.
|
|||||
| CVE-2017-6701 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd49141. Known Affected Releases: 2.1(102.101).
|
|||||
| CVE-2016-6201 | 1 Ektron | 1 Ektron Content Management System | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx.
|
|||||
| CVE-2017-14622 | 1 2kblater | 1 2kb Amazon Affiliates Store | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.
|
|||||
| CVE-2017-9072 | 1 Calendarxp | 2 Flatcalendarxp, Popcalendarxp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm.
|
|||||
| CVE-2016-10513 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.
|
|||||
| CVE-2017-5488 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
|
|||||
| CVE-2017-5832 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
|
|||||
| CVE-2017-6788 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepti ...
Show More |
|||||
| CVE-2017-9305 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
|
|||||
| CVE-2017-9613 | 1 Sap | 1 Successfactors | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
|
|||||
| CVE-2017-1549 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289.
|
|||||
| CVE-2017-2168 | 1 Wpbookingsystem | 1 Wp Booking System | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-7734 | 1 Fortinet | 1 Fortios | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.
|
|||||
| CVE-2017-5998 | 1 Intersect Alliance | 1 Snare Epilog | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a "Web Admin Portal > Log Configuration > Add" action.
|
|||||
| CVE-2017-5942 | 1 Wp Mail Project | 1 Wp Mail | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.
|
|||||
| CVE-2017-12304 | 1 Cisco | 1 Ios | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A ...
Show More |
|||||
| CVE-2017-9249 | 1 Allen Disk Project | 1 Allen Disk | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php.
|
|||||
| CVE-2016-7111 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
|
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
|
|||||
| CVE-2017-3151 | 1 Apache | 1 Atlas | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
|
|||||
| CVE-2017-7316 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page.
|
|||||
| CVE-2017-7871 | 1 Tdm Project | 1 Tdm | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).
|
|||||
| CVE-2015-9102 | 1 Synology | 1 Photo Station | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.
|
|||||
| CVE-2016-2938 | 1 Ibm | 2 Domino, Inotes | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||