Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7103 | 7 Debian, Fedoraproject, Jqueryui and 4 more | 13 Debian Linux, Fedora, Jquery Ui and 10 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | | | | | |
| CVE-2017-7391 | 1 Magmi Project | 1 Magmi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | | | | | |
| CVE-2017-13697 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. | | | | | |
| CVE-2017-6812 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter). | | | | | |
| CVE-2017-1552 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396. | | | | | |
| CVE-2017-14413 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | | | | | |
| CVE-2017-5608 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename. | | | | | |
| CVE-2017-8298 | 1 Cnvs | 1 Canvas | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. | | | | | |
| CVE-2017-14735 | 1 Antisamy Project | 1 Antisamy | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. | | | | | |
| CVE-2017-1000164 | 1 Tine20 | 1 Tine 2.0 | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook, resulting in code execution and privilege escalation. | | | | | |
| CVE-2017-8838 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi. | | | | | |
| CVE-2017-6391 | 1 Kaltura | 1 Kaltura Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, the "admin_console/web/tools/bigRedButton.php" URL, and the "admin_console/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | | | | | |
| CVE-2016-6056 | 1 Ibm | 1 Call Center For Commerce | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000442. | | | | | |
| CVE-2017-14985 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php. | | | | | |
| CVE-2015-8862 | 1 Mustache.js Project | 1 Mustache.js | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | | | | | |
| CVE-2017-15291 | 1 Tp-link | 2 Tl-mr3220, Tl-mr3220 Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field. | | | | | |
| CVE-2016-4923 | 1 Juniper | 1 Junos | 2025-04-20 | 4.3 MEDIUM | 8.0 HIGH |
| Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X ... | | | | | |
| CVE-2017-17953 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | | | | | |
| CVE-2017-17092 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. | | | | | |
| CVE-2013-7433 | 1 Mapsplugin | 1 Googlemaps | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!. | | | | | |
| CVE-2017-5004 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | | | | | |
| CVE-2017-1325 | 1 Ibm | 1 Inotes | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976. | | | | | |
| CVE-2016-5948 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | | | | | |
| CVE-2017-14715 | 1 Telaxius | 1 Epesi | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | | | | | |
| CVE-2017-6540 | 1 Webpagetest Project | 1 Webpagetest | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (configs) passed to the webpagetest-master/www/benchmarks/compare.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | | | | | |
| CVE-2016-9000 | 1 Ibm | 2 Infosphere Datastage, Infosphere Information Server On Cloud | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. | | | | | |
| CVE-2016-9128 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL. | | | | | |
| CVE-2017-11320 | 1 Technicolor | 2 Tc7337, Tc7337 Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router. | | | | | |
| CVE-2017-1001001 | 1 Pluxml | 1 Pluxml | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| PluXml version 5.6 is vulnerable to a stored cross-site scripting vulnerability within the article creation page, which can result in escalation of privileges. | | | | | |
| CVE-2017-7298 | 1 Moodle | 1 Moodle | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | | | | | |
| CVE-2017-14036 | 1 Crushftp | 1 Crushftp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. | | | | | |
| CVE-2017-16789 | 2 Integrationmatters, Tibco | 2 Njams, Businessworks Process Monitor | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface. | | | | | |
| CVE-2017-7241 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A remind ... | | | | | |
| CVE-2017-14372 | 1 Rsa | 1 Archer Grc Platform | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | | | | | |
| CVE-2016-6837 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTML via the 'view_type' parameter. | | | | | |
| CVE-2017-3008 | 1 Adobe | 1 Coldfusion | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability. | | | | | |
| CVE-2017-17956 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. | | | | | |
| CVE-2017-10798 | 1 Objectplanet | 1 Opinio | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In ObjectPlanet Opinio before 7.6.4, there is XSS. | | | | | |
| CVE-2017-9068 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter. | | | | | |
| CVE-2017-15911 | 1 Igniterealtime | 1 Openfire | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. | | | | | |