Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18097 | 1 Atlassian | 1 Jira | 2018-05-09 | 3.5 LOW | 5.4 MEDIUM |
| The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. | |||||
| CVE-2017-18098 | 1 Atlassian | 1 Jira | 2018-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. | |||||
| CVE-2018-9034 | 1 Relevanssi | 1 Relevanssi | 2018-05-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. | |||||
| CVE-2018-6905 | 1 Typo3 | 1 Typo3 | 2018-05-09 | 3.5 LOW | 4.8 MEDIUM |
| The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. | |||||
| CVE-2018-9238 | 1 Yahei | 1 Yahei Php Prober | 2018-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter. | |||||
| CVE-2016-9731 | 1 Ibm | 1 Business Process Manager | 2018-05-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-6103 | 1 Anyvar Project | 1 Anyvar | 2018-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent XSS Vulnerability in WordPress plugin AnyVar v0.1.1. | |||||
| CVE-2018-9237 | 1 Iscripts | 1 Easycreate | 2018-05-02 | 3.5 LOW | 5.4 MEDIUM |
| iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field. | |||||
| CVE-2018-9236 | 1 Iscripts | 1 Easycreate | 2018-05-02 | 3.5 LOW | 5.4 MEDIUM |
| iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field. | |||||
| CVE-2018-9235 | 1 Iscripts | 1 Sonicbb | 2018-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. | |||||
| CVE-2018-9183 | 1 Joomsky | 1 Js Jobs | 2018-05-02 | 3.5 LOW | 5.4 MEDIUM |
| The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. | |||||
| CVE-2018-9173 | 1 Get-simple | 1 Getsimple Cms | 2018-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | |||||
| CVE-2018-9147 | 1 Gespage | 1 Gespage | 2018-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp. | |||||
| CVE-2018-1233 | 1 Rsa | 1 Authentication Agent For Web | 2018-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. | |||||
| CVE-2018-8763 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2018-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. | |||||
| CVE-2018-5799 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2018-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. | |||||
| CVE-2014-6604 | 1 Subscribe2 Project | 1 Subscribe2 | 2018-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. | |||||
| CVE-2018-1142 | 1 Tenable | 1 Appliance | 2018-04-19 | 3.5 LOW | 5.4 MEDIUM |
| Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins. | |||||
| CVE-2018-7203 | 1 Lynxtechnology | 1 Twonky Server | 2018-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. | |||||
| CVE-2017-17750 | 1 Bose | 1 Soundtouch | 2018-04-19 | 3.5 LOW | 5.4 MEDIUM |
| Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify. | |||||
| CVE-2017-17749 | 1 Bose | 1 Soundtouch | 2018-04-19 | 3.5 LOW | 5.4 MEDIUM |
| Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora. | |||||
| CVE-2015-7423 | 1 Ibm | 1 Infosphere Master Data Management | 2018-04-19 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771. | |||||
| CVE-2018-9140 | 1 Samsung | 1 Samsung Mobile | 2018-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. | |||||
| CVE-2018-1201 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1202 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1189 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1188 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1187 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1186 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2017-7632 | 1 Qnap | 1 Qts | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2017-7631 | 1 Qnap | 1 Qts | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-8973 | 1 Otcms | 1 Otcms | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request. | |||||
| CVE-2018-8978 | 1 Open-audit | 1 Open-audit | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. | |||||
| CVE-2018-9130 | 1 Ibos | 1 Ibos | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBOS 4.4.3 has XSS via a company full name. | |||||
| CVE-2018-9020 | 1 Events Manager Project | 1 Events Manager | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature. | |||||
| CVE-2015-9257 | 1 Bmc | 1 Remedy Action Request System | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. | |||||
| CVE-2018-8957 | 1 Covercms Project | 1 Covercms | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php. | |||||
| CVE-2018-8942 | 1 Xiuno Bbs Project | 1 Xiuno Bbs | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. | |||||
| CVE-2018-8903 | 1 Open-audit | 1 Open-audit | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. | |||||
| CVE-2018-8906 | 1 Dsmall Project | 1 Dsmall | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html. | |||||
| CVE-2018-8899 | 1 Identityserver | 1 Identityserver4 | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. | |||||
| CVE-2017-18094 | 1 Atlassian | 2 Crucible, Fisheye | 2018-04-18 | 3.5 LOW | 4.8 MEDIUM |
| Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository. | |||||
| CVE-2018-9017 | 1 Dsmall Project | 1 Dsmall | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI. | |||||
| CVE-2018-9016 | 1 Dsmall Project | 1 Dsmall | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI. | |||||
| CVE-2018-9307 | 1 Dsmall Project | 1 Dsmall | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html. | |||||
| CVE-2018-9015 | 1 Dsmall Project | 1 Dsmall | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box). | |||||
| CVE-2018-9121 | 1 Crea8social | 1 Crea8social | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment. | |||||
| CVE-2018-9123 | 1 Crea8social | 1 Crea8social | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile. | |||||
| CVE-2018-9122 | 1 Crea8social | 1 Crea8social | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. | |||||
| CVE-2018-9120 | 1 Crea8social | 1 Crea8social | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. | |||||
