Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3838 | 1 Cisco | 1 Secure Access Control System | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5).
|
|||||
| CVE-2016-3150 | 1 Barco | 4 Clickshare Csc-1, Clickshare Csc-1 Firmware, Clickshare Cse-200 and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-8957 | 1 Openkm | 1 Openkm | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.
|
|||||
| CVE-2016-4897 | 1 Webmin | 1 Usermin | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.
|
|||||
| CVE-2017-11288 | 1 Adobe | 1 Connect | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
|
|||||
| CVE-2017-1291 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
|
|||||
| CVE-2017-7320 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value.
|
|||||
| CVE-2017-7255 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.
|
|||||
| CVE-2016-0919 | 1 Rsa | 1 Web Threat Detection | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
|
|||||
| CVE-2017-16833 | 1 Gemirro Project | 1 Gemirro | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file.
|
|||||
| CVE-2015-3169 | 1 Askbot | 1 Askbot | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch.
|
|||||
| CVE-2017-1365 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858.
|
|||||
| CVE-2017-7362 | 1 Lucidcrew | 1 Pixie | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack.
|
|||||
| CVE-2017-6909 | 1 Shishnet | 1 Shimmie | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "shimmie2-master/ext/chatbox/history/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-12323 | 1 Cisco | 1 Registered Envelope Service | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a mali ...
Show More |
|||||
| CVE-2017-1128 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2017-6877 | 1 Lutim Project | 1 Lutim | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script.
|
|||||
| CVE-2017-8017 | 1 Emc | 1 Smarts Network Configuration Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
|
|||||
| CVE-2017-6535 | 1 Webpagetest Project | 1 Webpagetest | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2015-3615 | 1 Fortinet | 7 Fortimanager 2000e, Fortimanager 200d, Fortimanager 3000f and 4 more | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
|
|||||
| CVE-2017-0017 | 1 Microsoft | 1 Edge | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068.
|
|||||
| CVE-2017-9510 | 1 Atlassian | 1 Fisheye | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.
|
|||||
| CVE-2016-9737 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200.
|
|||||
| CVE-2017-17955 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.
|
|||||
| CVE-2017-12358 | 1 Cisco | 1 Jabber | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A ...
Show More |
|||||
| CVE-2016-4056 | 1 Typo3 | 1 Typo3 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.
|
|||||
| CVE-2017-7389 | 1 Openeclass | 1 Openeclass | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2016-9872 | 1 Emc | 1 Documentum D2 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
|
|||||
| CVE-2017-16792 | 1 Geminabox Project | 1 Geminabox | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.
|
|||||
| CVE-2017-12882 | 1 Spring Batch Admin Project | 1 Spring Batch Admin | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
|
|||||
| CVE-2017-1485 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623.
|
|||||
| CVE-2017-8550 | 1 Microsoft | 1 Office | 2025-04-20 | 4.3 MEDIUM | 5.4 MEDIUM |
|
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
|
|||||
| CVE-2016-5883 | 1 Ibm | 1 Inotes | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010.
|
|||||
| CVE-2017-6491 | 1 Epesi | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2016-10704 | 1 Magento | 1 Magento | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
|
|||||
| CVE-2017-1331 | 1 Ibm | 1 Content Navigator | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233.
|
|||||
| CVE-2017-6397 | 1 Flightairmap | 1 Flightairmap | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2015-8687 | 1 Alcatel-lucent | 1 Motive Home Device Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7 ...
Show More |
|||||
| CVE-2017-6818 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
|
|||||
| CVE-2017-3129 | 1 Fortinet | 1 Fortiweb | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.
|
|||||