Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15216 | 1 Misp-project | 1 Misp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.
|
|||||
| CVE-2017-11127 | 1 Boltcms | 1 Bolt | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.
|
|||||
| CVE-2017-2339 | 1 Juniper | 1 Screenos | 2025-04-20 | 3.5 LOW | 8.4 HIGH |
|
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Junip ...
Show More |
|||||
| CVE-2017-10612 | 1 Juniper | 1 Junos Space | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
|
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
|
|||||
| CVE-2017-1607 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132927.
|
|||||
| CVE-2017-13754 | 1 Wibu | 1 Codemeter | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.
|
|||||
| CVE-2017-6544 | 1 Wuhu Project | 1 Wuhu | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter).
|
|||||
| CVE-2016-10216 | 1 Sivann | 1 It Items Database | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-12572 | 1 Splunk | 1 Splunk | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104.
|
|||||
| CVE-2016-4849 | 1 Geeklog Project | 1 Geeklog | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml.
|
|||||
| CVE-2017-7953 | 1 Infor | 1 Enterprise Asset Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
INFOR EAM V11.0 Build 201410 has XSS via comment fields.
|
|||||
| CVE-2017-1363 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856.
|
|||||
| CVE-2017-5490 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
|
|||||
| CVE-2017-11744 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.
|
|||||
| CVE-2017-7987 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
|
|||||
| CVE-2017-18006 | 1 Extensis | 1 Portfolio Netpublish | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.
|
|||||
| CVE-2016-9973 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
|
|||||
| CVE-2016-6348 | 1 Redhat | 1 Resteasy | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
|
|||||
| CVE-2016-1179 | 1 Appleple | 1 A-blog Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.
|
|||||
| CVE-2015-7562 | 1 Teampass | 1 Teampass | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
|
|||||
| CVE-2017-12347 | 1 Cisco | 1 Data Center Network Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.
|
|||||
| CVE-2016-6096 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2017-1496 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128694.
|
|||||
| CVE-2017-7663 | 1 Apache | 1 Openmeetings | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
|
|||||
| CVE-2017-2194 | 1 Ipa | 1 Icodechecker | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-5902 | 1 Ibm | 9 Maximo Asset Management, Maximo For Aviation, Maximo For Energy Optimization and 6 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2017-6769 | 1 Cisco | 1 Secure Access Control System | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCve70587. Known Affected Releases: 5.8(0.8) 5.8(1.5).
|
|||||
| CVE-2017-3155 | 1 Apache | 1 Atlas | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
|
|||||
| CVE-2017-2475 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.
|
|||||
| CVE-2016-3407 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.
|
|||||
| CVE-2017-9551 | 1 Mahara | 1 Mahara | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account.
|
|||||
| CVE-2017-15008 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.
|
|||||
| CVE-2017-12346 | 1 Cisco | 1 Data Center Network Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.
|
|||||
| CVE-2014-3926 | 1 Lg Project | 1 Lg | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter.
|
|||||
| CVE-2017-13778 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.
|
|||||
| CVE-2017-9441 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 3.5 LOW | 2.7 LOW |
|
Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or exte ...
Show More |
|||||
| CVE-2016-9987 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553.
|
|||||
| CVE-2017-2307 | 1 Juniper | 1 Junos Space | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.
|
|||||
| CVE-2017-7944 | 1 Xoops | 1 Xoops | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php.
|
|||||
| CVE-2017-0107 | 1 Microsoft | 1 Sharepoint Foundation | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability."
|
|||||