Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3296 | 1 Nodebb | 1 Nodebb | 2017-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | |||||
| CVE-2017-14621 | 1 Suse | 1 Portus | 2017-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Portus 2.2.0 has XSS via the Team field, related to typeahead. | |||||
| CVE-2017-14714 | 1 Telaxius | 1 Epesi | 2017-09-28 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | |||||
| CVE-2017-14716 | 1 Telaxius | 1 Epesi | 2017-09-28 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | |||||
| CVE-2017-14715 | 1 Telaxius | 1 Epesi | 2017-09-28 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | |||||
| CVE-2017-14713 | 1 Telaxius | 1 Epesi | 2017-09-28 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | |||||
| CVE-2015-1866 | 1 Emberjs | 1 Ember.js | 2017-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2. | |||||
| CVE-2017-3165 | 1 Apache | 1 Brooklyn | 2017-09-27 | 3.5 LOW | 5.4 MEDIUM |
| In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability. | |||||
| CVE-2015-3162 | 1 Beaker-project | 1 Beaker | 2017-09-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job. | |||||
| CVE-2015-3299 | 1 Floating Social Bar Project | 1 Floating Social Bar | 2017-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order. | |||||
| CVE-2014-6191 | 1 Ibm | 1 Curam Social Program Management | 2017-09-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568. | |||||
| CVE-2015-3432 | 1 Pydio | 1 Pydio | 2017-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities." | |||||
| CVE-2015-4072 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2017-09-22 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message. | |||||
| CVE-2017-14597 | 1 Afterlogic | 2 Aurora, Webmail | 2017-09-22 | 3.5 LOW | 4.8 MEDIUM |
| AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. | |||||
| CVE-2017-13724 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2017-09-21 | 3.5 LOW | 5.4 MEDIUM |
| On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. | |||||
| CVE-2017-1002017 | 1 Bobcares | 1 Gift-certificate-creator | 2017-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vulnerability in WordPress plugin gift-certificate-creator v1.0: the code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. | |||||
| CVE-2017-8745 | 1 Microsoft | 1 Sharepoint Foundation | 2017-09-21 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability". | |||||
| CVE-2017-14534 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. | |||||
| CVE-2017-4926 | 1 Vmware | 1 Vcenter Server | 2017-09-21 | 3.5 LOW | 5.4 MEDIUM |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious JavaScript which will get executed when other VC users access the page. | |||||
| CVE-2017-12156 | 1 Moodle | 1 Moodle | 2017-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | |||||
| CVE-2017-14413 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2017-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | |||||
| CVE-2017-14414 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2017-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | |||||
| CVE-2017-14416 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2017-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. | |||||
| CVE-2017-14415 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2017-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | |||||
| CVE-2017-8629 | 1 Microsoft | 1 Sharepoint Server | 2017-09-20 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability". | |||||
| CVE-2017-1002011 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 3.5 LOW | 5.4 MEDIUM |
| Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: there is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description, where anyone with privileges to modify or add galleries/images can inject JavaScript into the database. | |||||
| CVE-2017-14219 | 1 Intelbras | 2 Wrn 240, Wrn 240 Firmware | 2017-09-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command. | |||||
| CVE-2017-1502 | 1 Ibm | 1 Content Navigator | 2017-09-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577. | |||||
| CVE-2017-14239 | 1 Dolibarr | 1 Dolibarr | 2017-09-19 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. | |||||
| CVE-2015-7879 | 1 Stickynote Project | 1 Stickynote | 2017-09-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. | |||||
| CVE-2017-1189 | 1 Ibm | 1 Websphere Portal | 2017-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558. | |||||
| CVE-2017-14241 | 1 Dolibarr | 1 Dolibarr | 2017-09-18 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | |||||
| CVE-2017-1535 | 1 Ibm | 1 Cognos Analytics | 2017-09-17 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677. | |||||
| CVE-2017-14347 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. | |||||
| CVE-2014-4406 | 1 Apple | 1 Os X Server | 2017-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-14268 | 1 Ee | 2 4gee Wifi Mbb, 4gee Wifi Mbb Firmware | 2017-09-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. | |||||
| CVE-2017-7735 | 1 Fortinet | 1 Fortios | 2017-09-15 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. | |||||
| CVE-2017-7734 | 1 Fortinet | 1 Fortios | 2017-09-15 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. | |||||
| CVE-2017-3131 | 1 Fortinet | 1 Fortios | 2017-09-15 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView. | |||||
| CVE-2017-11611 | 1 Wolfcms | 1 Wolf Cms | 2017-09-14 | 3.5 LOW | 5.4 MEDIUM |
| Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI). | |||||
| CVE-2017-3133 | 1 Fortinet | 1 Fortios | 2017-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | |||||
| CVE-2017-3132 | 1 Fortinet | 1 Fortios | 2017-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToken. | |||||
| CVE-2017-1098 | 1 Ibm | 1 Emptoris Supplier Lifecycle Management | 2017-09-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658. | |||||
| CVE-2015-4993 | 1 Ibm | 1 Websphere Portal | 2017-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4998. | |||||
| CVE-2015-4998 | 1 Ibm | 1 Websphere Portal | 2017-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-4993. | |||||
| CVE-2015-5060 | 1 Anchorcms | 1 Anchor Cms | 2017-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. | |||||
| CVE-2017-12906 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. | |||||
| CVE-2015-7252 | 1 Zte | 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware | 2017-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter. | |||||
| CVE-2015-3169 | 1 Askbot | 1 Askbot | 2017-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. | |||||
| CVE-2017-14194 | 1 Finecms Project | 1 Finecms | 2017-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | |||||
