Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7275 | 1 Dell | 4 Integrated Remote Access Controller 6, Integrated Remote Access Controller 7, Integrated Remote Access Controller 8 and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.
|
|||||
| CVE-2017-16956 | 1 Symphony Project | 1 Symphony | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.
|
|||||
| CVE-2017-9802 | 1 Apache | 1 Sling Servlets Post | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.
|
|||||
| CVE-2016-6061 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2017-15881 | 1 Keystonejs | 1 Keystone | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
|
|||||
| CVE-2017-10896 | 1 Buffalo | 4 Bbr-4hg, Bbr-4hg Firmware, Bbr-4mg and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-17958 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.
|
|||||
| CVE-2017-8920 | 1 Cgiirc | 1 Cgi\ | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.
|
|||||
| CVE-2016-6333 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
|
|||||
| CVE-2016-5984 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks.
|
|||||
| CVE-2015-2883 | 1 Philips | 1 In.sight B120\\37 | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.
|
|||||
| CVE-2016-4317 | 1 Atlassian | 1 Confluence | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
|
|||||
| CVE-2017-4926 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.
|
|||||
| CVE-2017-7202 | 1 Slims | 1 Slims7 Cendana | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2016-7810 | 1 Corega | 2 Cg-wlr300nx, Cg-wlr300nx Firmware | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-1245 | 1 Ibm | 1 Rational Software Architect Design Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124580.
|
|||||
| CVE-2017-6618 | 1 Cisco | 1 Integrated Management Controller Supervisor | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arb ...
Show More |
|||||
| CVE-2016-3015 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887.
|
|||||
| CVE-2014-8758 | 1 Tech-banker | 1 Gallery Bank | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php.
|
|||||
| CVE-2017-14347 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.
|
|||||
| CVE-2017-16785 | 1 Cacti | 1 Cacti | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
|
|||||
| CVE-2017-7361 | 1 Lucidcrew | 1 Pixie | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack.
|
|||||
| CVE-2015-3299 | 1 Floating Social Bar Project | 1 Floating Social Bar | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order.
|
|||||
| CVE-2017-9622 | 1 Epesi | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data.
|
|||||
| CVE-2017-12844 | 1 Icewarp | 1 Mail Server | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.
|
|||||
| CVE-2017-12269 | 1 Cisco | 1 Spark | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacke ...
Show More |
|||||
| CVE-2017-12794 | 1 Djangoproject | 1 Django | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
|
|||||
| CVE-2017-1000102 | 1 Jenkins | 1 Static Analysis Utilities | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.
|
|||||
| CVE-2015-7565 | 1 Emberjs | 1 Ember.js | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.
|
|||||
| CVE-2017-16781 | 1 Mybb | 1 Mybb | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
The installer in MyBB before 1.8.13 has XSS.
|
|||||
| CVE-2017-1321 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916.
|
|||||
| CVE-2017-8000 | 1 Emc | 1 Rsa Authentication Manager | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session.
|
|||||
| CVE-2017-14718 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
|
|||||
| CVE-2017-15863 | 1 Wp No External Links Project | 1 Wp No External Links | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php.
|
|||||
| CVE-2017-6973 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.
|
|||||
| CVE-2017-17981 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.
|
|||||
| CVE-2017-14192 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.
|
|||||
| CVE-2017-1169 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.
|
|||||
| CVE-2017-15810 | 1 Popcash | 1 Popcash.net Code Integration Tool | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php.
|
|||||
| CVE-2017-9313 | 1 Webmin | 1 Webmin | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.
|
|||||