Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16514 | 1 Websitebaker | 1 Websitebaker | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application. | |||||
| CVE-2017-1000465 | 1 Sulu | 1 Sulu-standard | 2018-02-01 | 3.5 LOW | 5.4 MEDIUM |
| Sulu-standard version 1.6.6 is vulnerable to a stored cross-site scripting vulnerability within the page creation page, which can result in disruption of service and execution of JavaScript code. | |||||
| CVE-2017-18024 | 1 Avantfax | 1 Avantfax | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. | |||||
| CVE-2017-14594 | 1 Atlassian | 1 Jira | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. | |||||
| CVE-2017-7998 | 1 Gespage | 1 Gespage | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp. | |||||
| CVE-2015-7485 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2018-02-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108626. | |||||
| CVE-2017-18023 | 1 Officetracker | 1 Officetracker | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI. | |||||
| CVE-2017-14096 | 1 Trendmicro | 1 Smart Protection Server | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. | |||||
| CVE-2015-7486 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2018-02-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108633. | |||||
| CVE-2015-7474 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2018-02-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501. | |||||
| CVE-2018-5776 | 1 Wordpress | 1 Wordpress | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). | |||||
| CVE-2017-16864 | 1 Atlassian | 1 Jira | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. | |||||
| CVE-2018-5692 | 1 Piwigo | 1 Piwigo | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. | |||||
| CVE-2018-5689 | 1 Dotclear | 1 Dotclear | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email. | |||||
| CVE-2018-5690 | 1 Dotclear | 1 Dotclear | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number). | |||||
| CVE-2017-1739 | 1 Ibm | 1 Curam Social Program Management | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921. | |||||
| CVE-2017-1740 | 1 Ibm | 1 Curam Social Program Management | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922. | |||||
| CVE-2018-5681 | 1 Prestashop | 1 Prestashop | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. | |||||
| CVE-2018-5316 | 1 Patsatech | 1 Sagepay Server Gateway For Woocommerce | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. | |||||
| CVE-2012-6682 | 1 Dragonbyte-tech | 1 Vbdownloads Module | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter. | |||||
| CVE-2012-6671 | 1 Dragonbyte-tech | 1 Forumon Rpg Module | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters. | |||||
| CVE-2012-6670 | 1 Dragonbyte-tech | 1 Vbactivity Module | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php. | |||||
| CVE-2012-6668 | 1 Dragonbyte-tech | 1 Vbshout Module | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php. | |||||
| CVE-2017-9507 | 1 Atlassian | 2 Crucible, Fisheye | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter. | |||||
| CVE-2017-9509 | 1 Atlassian | 2 Crucible, Fisheye | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. | |||||
| CVE-2017-1000428 | 1 Flatcore | 1 Flatcore-cms | 2018-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. | |||||
| CVE-2018-5331 | 1 Discuz | 1 Discuzx | 2018-01-29 | 3.5 LOW | 5.4 MEDIUM |
| Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | |||||
| CVE-2018-1361 | 1 Ibm | 1 Websphere Portal | 2018-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158. | |||||
| CVE-2018-0799 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2018-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability". | |||||
| CVE-2016-0336 | 1 Ibm | 1 Security Identity Manager | 2018-01-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737. | |||||
| CVE-2012-6667 | 1 Dragonbyte-tech | 1 Vbshout | 2018-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action. | |||||
| CVE-2018-5369 | 1 Srbtranslatin Project | 1 Srbtranslatin | 2018-01-29 | 3.5 LOW | 4.8 MEDIUM |
| The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter. | |||||
| CVE-2018-5284 | 1 Wpscoop | 1 Imageinject | 2018-01-29 | 3.5 LOW | 4.8 MEDIUM |
| The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. | |||||
| CVE-2018-5263 | 1 Stackideas | 1 Easydiscuss | 2018-01-29 | 3.5 LOW | 5.4 MEDIUM |
| The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS. | |||||
| CVE-2017-1000429 | 1 Finecms Project | 1 Finecms | 2018-01-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php. | |||||
| CVE-2018-5312 | 1 Wpshopmart | 1 Tabs Responsive | 2018-01-26 | 3.5 LOW | 5.4 MEDIUM |
| The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php. | |||||
| CVE-2018-5311 | 1 Tonjoostudio | 1 Easy Custom Auto Excerpt | 2018-01-26 | 3.5 LOW | 5.4 MEDIUM |
| The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI. | |||||
| CVE-2018-5375 | 1 Discuz | 1 Discuzx | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | |||||
| CVE-2017-1623 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121. | |||||
| CVE-2015-9248 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager. | |||||
| CVE-2015-9247 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html. | |||||
| CVE-2016-10706 | 1 Automattic | 1 Jetpack | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. | |||||
| CVE-2016-10705 | 1 Automattic | 1 Jetpack | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. | |||||
| CVE-2018-5654 | 1 Weblizar | 1 Pinterest-feeds | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter. | |||||
| CVE-2018-5655 | 1 Weblizar | 1 Pinterest-feeds | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter. | |||||
| CVE-2018-5653 | 1 Weblizar | 1 Pinterest-feeds | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter. | |||||
| CVE-2018-5652 | 1 Dark Mode Project | 1 Dark Mode | 2018-01-24 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter. | |||||
| CVE-2018-5651 | 1 Dark Mode Project | 1 Dark Mode | 2018-01-24 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter. | |||||
| CVE-2017-15374 | 1 Shopware | 1 Shopware | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low privileged user accounts against higher privileged (admin or moderator) accounts. | |||||
| CVE-2018-5366 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php. | |||||
