Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2146 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
|
|||||
| CVE-2015-8353 | 1 Role Scoper Project | 1 Role Scoper | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php.
|
|||||
| CVE-2017-15728 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
|
|||||
| CVE-2017-6908 | 1 Concrete5 | 1 Concrete5 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-3874 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2).
|
|||||
| CVE-2016-5881 | 1 Ibm | 1 Inotes | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2017-8795 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.
|
|||||
| CVE-2016-8999 | 1 Ibm | 3 Infosphere Datastage, Infosphere Information Server, Infosphere Information Server On Cloud | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS.
|
|||||
| CVE-2017-10970 | 1 Cacti | 1 Cacti | 2025-04-20 | 4.3 MEDIUM | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.
|
|||||
| CVE-2017-5599 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not require authentication. The vulnerability can be used to extract sensitive information or perform attacks against the user's browser. The vulnerability affects the raceMasterList.jsp page and the following par ...
Show More |
|||||
| CVE-2017-2645 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
|
|||||
| CVE-2017-16721 | 1 Geovap | 1 Reliance-scada | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code.
|
|||||
| CVE-2017-9655 | 1 Osisoft | 3 Pi Integrator For Business Analystics, Pi Integrator For Microsoft Azure, Pi Integrator For Sap Hana | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site.
|
|||||
| CVE-2017-14619 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
|
|||||
| CVE-2017-3829 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6).
|
|||||
| CVE-2017-2123 | 1 Onethird | 1 Onethird Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php.
|
|||||
| CVE-2017-15872 | 1 Phpwcms | 1 Phpwcms | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field.
|
|||||
| CVE-2013-7454 | 1 Nodejs | 1 Node.js | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
|
|||||
| CVE-2017-1000051 | 1 Xwiki | 1 Cryptpad | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content
|
|||||
| CVE-2016-9704 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2017-7296 | 1 Contiki-os | 1 Contiki | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code in ...
Show More |
|||||
| CVE-2017-11195 | 1 Pulsesecure | 1 Pulse Connect Secure | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this.
|
|||||
| CVE-2017-14321 | 1 Mirasvit | 1 Helpdesk Mx | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket.
|
|||||
| CVE-2016-6800 | 1 Apache | 1 Ofbiz | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apach ...
Show More |
|||||
| CVE-2017-1348 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524.
|
|||||
| CVE-2016-7762 | 1 Apple | 1 Iphone Os | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari.
|
|||||
| CVE-2016-9222 | 1 Cisco | 1 Netflow Generation Appliance | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb15229. Known Affected Releases: 1.0(2).
|
|||||
| CVE-2017-15360 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script.
|
|||||
| CVE-2017-14498 | 1 Silverstripe | 1 Silverstripe | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
|
|||||
| CVE-2015-6959 | 1 Vindula | 1 Vindula | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Vindula 1.9.
|
|||||
| CVE-2017-11296 | 1 Adobe | 1 Experience Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.
|
|||||
| CVE-2014-6191 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568.
|
|||||
| CVE-2017-12812 | 1 Stivasoft | 1 Phpjabbers Night Club Booking Software | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.
|
|||||
| CVE-2016-9980 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256.
|
|||||
| CVE-2017-1591 | 1 Ibm | 1 Datapower Gateway | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368.
|
|||||
| CVE-2012-4378 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.
|
|||||
| CVE-2017-17451 | 1 Wpmailster | 1 Wp Mailster | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
|
|||||
| CVE-2017-7416 | 1 Ntop | 1 Ntopng | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.
|
|||||
| CVE-2016-8359 | 1 Moxa | 19 Iologik E1200 Series Firmware, Iologik E1210, Iologik E1211 and 16 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 ...
Show More |
|||||
| CVE-2017-11503 | 1 Phpmailer Project | 1 Phpmailer | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
|
|||||