Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14755 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId. | |||||
| CVE-2015-2144 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2017-10-11 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php. | |||||
| CVE-2015-2145 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2017-10-11 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2015-2148 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2017-10-11 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2017-1345 | 1 Ibm | 1 Insights Foundation For Energy | 2017-10-11 | 3.5 LOW | 5.4 MEDIUM |
| IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460. | |||||
| CVE-2017-14981 | 1 Atutor | 1 Atutor | 2017-10-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website. | |||||
| CVE-2015-7357 | 1 Udesign Project | 1 Udesign | 2017-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>. | |||||
| CVE-2017-14620 | 1 Smartertools | 1 Smarterstats | 2017-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | |||||
| CVE-2017-1429 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127587. | |||||
| CVE-2017-1359 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126686. | |||||
| CVE-2017-1369 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862. | |||||
| CVE-2017-1335 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243. | |||||
| CVE-2017-1364 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126857. | |||||
| CVE-2017-1334 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242. | |||||
| CVE-2017-1324 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2017-10-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975. | |||||
| CVE-2017-14622 | 1 2kblater | 1 2kb Amazon Affiliates Store | 2017-10-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php. | |||||
| CVE-2017-1000035 | 1 Tt-rss | 1 Tiny Tiny Rss | 2017-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack | |||||
| CVE-2017-14352 | 1 Hp | 1 Ucmdb Configuration Manager | 2017-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. | |||||
| CVE-2017-1591 | 1 Ibm | 1 Datapower Gateway | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368. | |||||
| CVE-2015-7349 | 1 Vasco | 1 Digipass | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter. | |||||
| CVE-2015-5181 | 1 Redhat | 1 Jboss A-mq | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | |||||
| CVE-2017-14957 | 1 Blogotext Project | 1 Blogotext | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog. | |||||
| CVE-2015-5613 | 1 Octobercms | 1 October | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. | |||||
| CVE-2017-10701 | 1 Sap | 1 Enterprise Portal | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | |||||
| CVE-2017-14751 | 1 Intensewp | 1 Wp Jobs | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | |||||
| CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | |||||
| CVE-2015-8375 | 1 Php-fusion | 1 Php-fusion | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | |||||
| CVE-2017-14717 | 1 Telaxius | 1 Epesi | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | |||||
| CVE-2017-14712 | 1 Telaxius | 1 Epesi | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | |||||
| CVE-2017-9551 | 1 Mahara | 1 Mahara | 2017-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account. | |||||
| CVE-2017-13986 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2017-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | |||||
| CVE-2017-14922 | 1 Tine20 | 1 Tine 2.0 | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
| CVE-2017-14921 | 1 Tine20 | 1 Tine 2.0 | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
| CVE-2017-14920 | 1 Egroupware | 1 Egroupware | 2017-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. | |||||
| CVE-2017-14923 | 1 Tine20 | 1 Tine 2.0 | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
| CVE-2017-9292 | 1 Lansweeper | 1 Lansweeper | 2017-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. | |||||
| CVE-2017-14321 | 1 Mirasvit | 1 Helpdesk Mx | 2017-10-04 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket. | |||||
| CVE-2017-14615 | 1 Watchguard | 1 Fireware | 2017-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted. | |||||
| CVE-2017-1425 | 1 Ibm | 1 Business Process Manager | 2017-10-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478. | |||||
| CVE-2015-7316 | 1 Plone | 1 Plone | 2017-10-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. | |||||
| CVE-2015-7347 | 1 Zcms Project | 1 Zcms | 2017-09-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1. | |||||
| CVE-2015-4706 | 1 Ipython | 1 Ipython | 2017-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path. | |||||
| CVE-2017-14761 | 1 Genixcms | 1 Genixcms | 2017-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter. | |||||
| CVE-2017-14765 | 1 Genixcms | 1 Genixcms | 2017-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request. | |||||
| CVE-2017-14762 | 1 Genixcms | 1 Genixcms | 2017-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter. | |||||
| CVE-2017-1531 | 1 Ibm | 1 Business Process Manager | 2017-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410. | |||||
| CVE-2017-1530 | 1 Ibm | 1 Business Process Manager | 2017-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409. | |||||
| CVE-2015-5282 | 1 Theforeman | 1 Foreman | 2017-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. | |||||
| CVE-2017-14142 | 1 Kaltura | 1 Kaltura Server | 2017-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php. | |||||
| CVE-2017-1424 | 1 Ibm | 1 Business Process Manager | 2017-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. | |||||