Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1369 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862.
|
|||||
| CVE-2017-6393 | 1 Nagvis | 1 Nagvis | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-2136 | 1 Wp Statistics | 1 Wp Statistics | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
|
|||||
| CVE-2017-7188 | 1 Zurmo | 1 Zurmo Crm | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.
|
|||||
| CVE-2016-5940 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2016-3101 | 1 Jenkins | 1 Extra Columns | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter.
|
|||||
| CVE-2016-5761 | 1 Novell | 1 Groupwise | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
|
|||||
| CVE-2015-5169 | 1 Apache | 1 Struts | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.
|
|||||
| CVE-2016-0765 | 1 Elfden | 1 Eshop Plugin | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.
|
|||||
| CVE-2017-1203 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678.
|
|||||
| CVE-2017-9668 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.
|
|||||
| CVE-2017-1354 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681.
|
|||||
| CVE-2017-1113 | 1 Ibm | 1 Rational Team Concert | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121151.
|
|||||
| CVE-2017-14197 | 1 Squiz | 1 Matrix | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins.
|
|||||
| CVE-2016-9148 | 1 Ca | 1 Service Desk Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.
|
|||||
| CVE-2017-9251 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.
|
|||||
| CVE-2017-1531 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.
|
|||||
| CVE-2016-7140 | 1 Plone | 1 Plone | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-6480 | 1 Groovel Project | 1 Cmsgroovel | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter).
|
|||||
| CVE-2017-2216 | 1 W3eden | 1 Download Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-1140 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2017-5964 | 1 Openenergymonitor | 1 Emoncms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-5157 | 2 Schneider-electric, Schneider Electric | 2 Homelynk Controller Lss100100, Homelynk Controller Lss100100 Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.
|
|||||
| CVE-2017-8102 | 1 S9y | 1 Serendipity | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
|
|||||
| CVE-2017-11107 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
|
|||||
| CVE-2017-5882 | 1 Sanadata | 1 Sanacms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
|||||
| CVE-2017-6589 | 1 Epiceditor Project | 1 Epiceditor | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.
|
|||||
| CVE-2017-1000015 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters
|
|||||
| CVE-2017-8654 | 1 Microsoft | 1 Sharepoint Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability".
|
|||||
| CVE-2016-3031 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.
|
|||||
| CVE-2017-14957 | 1 Blogotext Project | 1 Blogotext | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog.
|
|||||
| CVE-2017-8559 | 1 Microsoft | 1 Exchange Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560.
|
|||||
| CVE-2017-1502 | 1 Ibm | 1 Content Navigator | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577.
|
|||||
| CVE-2016-8356 | 1 Kabona Ab | 1 Webdatorcentral | 2025-04-20 | 4.3 MEDIUM | 8.2 HIGH |
|
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities.
|
|||||
| CVE-2017-15538 | 1 Ilias | 1 Ilias | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
|
|||||
| CVE-2016-9715 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728.
|
|||||
| CVE-2017-1000035 | 1 Tt-rss | 1 Tiny Tiny Rss | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack
|
|||||
| CVE-2016-5682 | 1 Smartbear | 1 Swagger-ui | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
|
|||||
| CVE-2017-7250 | 1 Gazelle Project | 1 Gazelle | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoin_balance.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-14241 | 1 Dolibarr | 1 Dolibarr | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php.
|
|||||