Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15360 | 1 Paessler | 1 Prtg Network Monitor | 2017-11-01 | 3.5 LOW | 5.4 MEDIUM |
| PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script. | |||||
| CVE-2017-15380 | 1 Softwarepublico | 1 E-sic | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. | |||||
| CVE-2017-15872 | 1 Phpwcms | 1 Phpwcms | 2017-10-31 | 3.5 LOW | 4.8 MEDIUM |
| phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. | |||||
| CVE-2012-4378 | 1 Mediawiki | 1 Mediawiki | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php. | |||||
| CVE-2012-4377 | 1 Mediawiki | 1 Mediawiki | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. | |||||
| CVE-2017-1521 | 1 Ibm | 1 Bigfix Platform | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831. | |||||
| CVE-2017-7733 | 1 Fortinet | 1 Fortios | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter. | |||||
| CVE-2017-1000058 | 1 Chevereto | 1 Chevereto | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. | |||||
| CVE-2017-7203 | 1 Zoneminder | 1 Zoneminder | 2017-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2014-3531 | 1 Theforeman | 1 Foreman | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description. | |||||
| CVE-2017-15213 | 1 Flyspray | 1 Flyspray | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. | |||||
| CVE-2017-15214 | 1 Flyspray | 1 Flyspray | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | |||||
| CVE-2017-15215 | 1 Shaarli Project | 1 Shaarli | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users. | |||||
| CVE-2017-15216 | 1 Misp-project | 1 Misp | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. | |||||
| CVE-2017-15384 | 1 Phpjabbers | 1 Rate Me | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. | |||||
| CVE-2017-15287 | 1 Bouqueteditor Project | 1 Bouqueteditor | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | |||||
| CVE-2017-14973 | 1 Identicard | 1 Two-reader Controller Configuration Manager | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). | |||||
| CVE-2015-6521 | 1 Atutor | 1 Atutor | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | |||||
| CVE-2014-9677 | 1 Flowpaper | 1 Flexpaper | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter. | |||||
| CVE-2017-1209 | 1 Ibm | 1 Daeja Viewone | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123849. | |||||
| CVE-2017-14372 | 1 Rsa | 1 Archer Grc Platform | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-14370 | 1 Rsa | 1 Archer Grc Platform | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-14371 | 1 Rsa | 1 Archer Grc Platform | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-15278 | 1 Teampass | 1 Teampass | 2017-10-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2014-8087 | 1 Post Highlights Projects | 1 Post Highlights | 2017-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php. | |||||
| CVE-2017-1522 | 1 Ibm | 1 Content Navigator | 2017-10-25 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832. | |||||
| CVE-2017-15305 | 1 Nexusphp Project | 1 Nexusphp | 2017-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. | |||||
| CVE-2017-15279 | 1 Umbraco | 1 Umbraco Cms | 2017-10-25 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs. | |||||
| CVE-2017-15219 | 1 Dotcms | 1 Dotcms | 2017-10-25 | 3.5 LOW | 5.4 MEDIUM |
| The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | |||||
| CVE-2016-10515 | 1 Redmine | 1 Redmine | 2017-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. | |||||
| CVE-2017-15809 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. | |||||
| CVE-2017-15728 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-24 | 3.5 LOW | 4.8 MEDIUM |
| In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. | |||||
| CVE-2017-14995 | 1 Wso2 | 8 Application Server, Business Process Server, Business Rules Server and 5 more | 2017-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS. | |||||
| CVE-2017-14619 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | |||||
| CVE-2017-14618 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-23 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | |||||
| CVE-2016-10513 | 1 Piwigo | 1 Piwigo | 2017-10-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php. | |||||
| CVE-2017-15194 | 1 Cacti | 1 Cacti | 2017-10-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | |||||
| CVE-2017-11775 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2017-10-20 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820. | |||||
| CVE-2017-11777 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2017-10-20 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11820. | |||||
| CVE-2017-11820 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2017-10-20 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777. | |||||
| CVE-2017-1000109 | 1 Jenkins | 1 Owasp Dependency-check | 2017-10-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | |||||
| CVE-2015-7980 | 1 Compass Rose Project | 1 Compass Rose | 2017-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable." | |||||
| CVE-2017-12792 | 1 Nexusphp Project | 1 Nexusphp | 2017-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php. | |||||
| CVE-2014-8492 | 1 Cozmoslabs | 1 Profile Builder | 2017-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter. | |||||
| CVE-2014-8957 | 1 Openkm | 1 Openkm | 2017-10-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | |||||
| CVE-2014-7240 | 1 Formget | 1 Easy Contact Form Solution | 2017-10-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-8758 | 1 Tech-banker | 1 Gallery Bank | 2017-10-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. | |||||
| CVE-2017-15009 | 1 Paessler | 1 Prtg Network Monitor | 2017-10-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. | |||||
| CVE-2017-15008 | 1 Paessler | 1 Prtg Network Monitor | 2017-10-12 | 3.5 LOW | 4.8 MEDIUM |
| PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element. | |||||
| CVE-2017-14756 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id). | |||||