Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18491 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.
|
|||||
| CVE-2017-18490 | 1 Bestwebsoft | 1 Contact Form Multi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.
|
|||||
| CVE-2017-18489 | 1 Mediaburst | 1 Contact Form 7 - Clockwork Sms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS.
|
|||||
| CVE-2017-18488 | 1 Backup-guard | 1 Backup Guard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues.
|
|||||
| CVE-2017-18487 | 1 Google Adsense Project | 1 Google Adsense | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.
|
|||||
| CVE-2017-18484 | 1 Elementalpath | 2 Cognitoys Dino, Cognitoys Dino Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cognitoys Dino devices allow XSS via the SSID.
|
|||||
| CVE-2017-18483 | 1 Annke | 2 Sp1, Sp1 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID.
|
|||||
| CVE-2017-18481 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
|
|||||
| CVE-2017-18473 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
|
|||||
| CVE-2017-18472 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).
|
|||||
| CVE-2017-18471 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
|
|||||
| CVE-2017-18456 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).
|
|||||
| CVE-2017-18454 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).
|
|||||
| CVE-2017-18420 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).
|
|||||
| CVE-2017-18419 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
|
|||||
| CVE-2017-18418 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
|
|||||
| CVE-2017-18417 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
|
|||||
| CVE-2017-18408 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).
|
|||||
| CVE-2017-18402 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).
|
|||||
| CVE-2017-18364 | 1 Frank-karau | 1 Phpfk | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
|
phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.
|
|||||
| CVE-2017-18358 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.
|
|||||
| CVE-2017-18352 | 1 Google | 1 Rendertron | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.
|
|||||
| CVE-2017-18343 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar
|
|||||
| CVE-2017-18286 | 1 Nzedb | 1 Nzedb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
nZEDb v0.7.3.3 has XSS in the 404 error page.
|
|||||
| CVE-2017-18259 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
|
|||||
| CVE-2017-18228 | 1 Bmc | 1 Remedy Action Request System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request.
|
|||||
| CVE-2017-18217 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in InvoicePlane before 1.5.5. It was observed that the Email address and Web address parameters are vulnerable to Cross Site Scripting, related to application/modules/clients/views/view.php, application/modules/invoices/views/view.php, and application/modules/quotes/views/view.php.
|
|||||
| CVE-2017-18177 | 1 Progress | 1 Sitefinity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
|
|||||
| CVE-2017-18176 | 1 Progress | 1 Sitefinity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
|
|||||
| CVE-2017-18175 | 1 Progress | 1 Sitefinity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.
|
|||||
| CVE-2017-18121 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.
|
|||||
| CVE-2017-18102 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup.
|
|||||
| CVE-2017-18100 | 1 Atlassian | 1 Jira | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.
|
|||||
| CVE-2017-18098 | 1 Atlassian | 1 Jira | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.
|
|||||
| CVE-2017-18097 | 1 Atlassian | 1 Jira | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.
|
|||||
| CVE-2017-18094 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository.
|
|||||
| CVE-2017-18093 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.
|
|||||
| CVE-2017-18092 | 1 Atlassian | 1 Crucible | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.
|
|||||
| CVE-2017-18091 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.
|
|||||
| CVE-2017-18090 | 1 Atlassian | 1 Fisheye | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.
|
|||||