Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7992 | 1 Heartland Payment Systems | 1 Heartland-php | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter.
|
|||||
| CVE-2017-2335 | 1 Juniper | 1 Screenos | 2025-04-20 | 3.5 LOW | 8.4 HIGH |
|
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Junip ...
Show More |
|||||
| CVE-2017-13724 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page.
|
|||||
| CVE-2017-1000140 | 1 Mahara | 1 Mahara | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.
|
|||||
| CVE-2017-6864 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.
|
|||||
| CVE-2017-17694 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.
|
|||||
| CVE-2017-12927 | 1 Cacti | 1 Cacti | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
|
|||||
| CVE-2017-10837 | 1 Backup-guard | 1 Backup Guard | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-11666 | 1 Kopano | 1 Webapp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file.
|
|||||
| CVE-2016-8855 | 1 Sitecore | 1 Experience Platform | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
|
|||||
| CVE-2015-7667 | 1 Web-mv | 1 Resads | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter.
|
|||||
| CVE-2017-9548 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change).
|
|||||
| CVE-2016-8968 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515.
|
|||||
| CVE-2017-10667 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.
|
|||||
| CVE-2017-12356 | 1 Cisco | 1 Jabber | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to cl ...
Show More |
|||||
| CVE-2017-17832 | 1 Serverscheck | 1 Monitoring Software | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page).
|
|||||
| CVE-2017-5621 | 1 Zammad | 1 Zammad | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.
|
|||||
| CVE-2016-6046 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2017-9061 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
|
|||||
| CVE-2017-3866 | 1 Cisco | 1 Prime Service Catalog | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873 CSCvc79882 CSCvc79891. Known Affected Releases: 11.1.2.
|
|||||
| CVE-2017-8899 | 1 Invisioncommunity | 1 Invision Power Board | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.
|
|||||
| CVE-2017-8763 | 1 Telaxius | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter.
|
|||||
| CVE-2016-10366 | 1 Elastic | 1 Kibana | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack.
|
|||||
| CVE-2014-8087 | 1 Post Highlights Projects | 1 Post Highlights | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php.
|
|||||
| CVE-2017-6907 | 1 Open.gl Project | 1 Open.gl | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data (content) passed to the "Open.GL-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-17904 | 1 Fortunescripts | 1 Lynda Clone | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.
|
|||||
| CVE-2017-14724 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
|
|||||
| CVE-2016-9723 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
|
|||||
| CVE-2015-3432 | 1 Pydio | 1 Pydio | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities."
|
|||||
| CVE-2017-2255 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
|
|||||
| CVE-2017-10886 | 1 Cs-cart | 2 Cs-cart, Cs-cart Multivendor | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-6509 | 1 Burgundy-cms Project | 1 Burgundy-cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter).
|
|||||
| CVE-2017-2504 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands.
|
|||||
| CVE-2017-8085 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
|
|||||
| CVE-2017-12810 | 1 Stivasoft | 1 Phpjabbers Newsletter Script | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.
|
|||||
| CVE-2017-1593 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494.
|
|||||
| CVE-2017-6490 | 1 Epesi | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
|
|||||
| CVE-2017-1503 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578.
|
|||||
| CVE-2017-2257 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
|
|||||
| CVE-2017-7409 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.
|
|||||