Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000005 | 1 Phpminiadmin Project | 1 Phpminiadmin | 2017-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). | |||||
| CVE-2016-8948 | 1 Ibm | 1 Emptoris Sourcing | 2017-07-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835. | |||||
| CVE-2017-11439 | 1 Sitecore | 1 Cms | 2017-07-21 | 3.5 LOW | 5.4 MEDIUM |
| In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. | |||||
| CVE-2017-1000065 | 1 Openmediavault | 1 Openmediavault | 2017-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser. | |||||
| CVE-2017-1000033 | 1 Vospari Forms Project | 1 Vospari Forms | 2017-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user. | |||||
| CVE-2017-9609 | 1 Blackcat-cms | 1 Blackcat Cms | 2017-07-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | |||||
| CVE-2017-9934 | 1 Joomla | 1 Joomla\! | 2017-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. | |||||
| CVE-2017-1000051 | 1 Xwiki | 1 Cryptpad | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content | |||||
| CVE-2017-1000038 | 1 Relevanssi | 1 Relevanssi | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site | |||||
| CVE-2017-1000042 | 1 Mapbox Project | 1 Mapbox | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. | |||||
| CVE-2017-1000059 | 1 Livehelperchat | 1 Live Helper Chat | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. | |||||
| CVE-2017-7276 | 1 Topdesk | 1 Topdesk | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019. | |||||
| CVE-2016-8946 | 1 Ibm | 1 Emptoris Sourcing | 2017-07-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833. | |||||
| CVE-2016-6114 | 1 Ibm | 1 Emptoris Sourcing | 2017-07-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352. | |||||
| CVE-2017-2172 | 1 Cybozu | 1 Kunai | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-1000011 | 1 Mywebsql | 1 Mywebsql | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information | |||||
| CVE-2006-5847 | 1 Freewebshop | 1 Freewebshop | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2016-6019 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739. | |||||
| CVE-2016-8952 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839. | |||||
| CVE-2017-11128 | 1 Bolt | 1 Bolt Cms | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. | |||||
| CVE-2017-11127 | 1 Bolt | 1 Bolt Cms | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. | |||||
| CVE-2017-1000054 | 1 Rocketchat | 1 Rocket.chat | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. | |||||
| CVE-2017-1000063 | 1 Kitto Project | 1 Kitto | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | |||||
| CVE-2017-1000032 | 1 Cacti | 1 Cacti | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. | |||||
| CVE-2017-7663 | 1 Apache | 1 Openmeetings | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | |||||
| CVE-2017-3102 | 1 Adobe | 1 Connect | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack. | |||||
| CVE-2017-3103 | 1 Adobe | 1 Connect | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack. | |||||
| CVE-2017-1208 | 1 Ibm | 1 Maximo Asset Management | 2017-07-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778. | |||||
| CVE-2017-11195 | 1 Pulsesecure | 1 Pulse Connect Secure | 2017-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this. | |||||
| CVE-2017-10975 | 1 Lutim Project | 1 Lutim | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename. | |||||
| CVE-2017-11194 | 1 Pulsesecure | 1 Pulse Connect Secure | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc. | |||||
| CVE-2017-2194 | 1 Ipa | 1 Icodechecker | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2168 | 1 Wpbookingsystem | 1 Wp Booking System | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2224 | 1 Web-dorado | 1 Event Calendar Wd | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-9420 | 1 Sunnythemes | 1 Spiffy Calendar | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. | |||||
| CVE-2017-9419 | 1 Webhammer | 1 Wp-custom-fields-search | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | |||||
| CVE-2017-10970 | 1 Cacti | 1 Cacti | 2017-07-17 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. | |||||
| CVE-2016-4833 | 1 Nofollow Links Project | 1 Nofollow Links | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-9288 | 1 Raygun | 1 Raygun4wp | 2017-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). | |||||
| CVE-2017-6733 | 1 Cisco | 1 Identity Services Engine | 2017-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151). | |||||
| CVE-2017-11202 | 1 Finecms Project | 1 Finecms | 2017-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180. | |||||
| CVE-2017-11201 | 1 Finecms Project | 1 Finecms | 2017-07-16 | 3.5 LOW | 5.4 MEDIUM |
| application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action. | |||||
| CVE-2017-11198 | 1 Finecms Project | 1 Finecms | 2017-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter. | |||||
| CVE-2017-11179 | 1 Finecms Project | 1 Finecms | 2017-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. | |||||
| CVE-2017-11180 | 1 Finecms Project | 1 Finecms | 2017-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen. | |||||
| CVE-2017-11181 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2017-07-14 | 3.5 LOW | 5.4 MEDIUM |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. | |||||
| CVE-2017-11182 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2017-07-14 | 3.5 LOW | 5.4 MEDIUM |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | |||||
| CVE-2017-2243 | 1 Dfactory | 1 Responsive Lightbox | 2017-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-1096 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656. | |||||
| CVE-2017-6734 | 1 Cisco | 1 Identity Services Engine | 2017-07-14 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800). | |||||