Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8559 | 1 Microsoft | 1 Exchange Server | 2017-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560. | |||||
| CVE-2017-8560 | 1 Microsoft | 1 Exchange Server | 2017-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559. | |||||
| CVE-2017-10967 | 1 Finecms Project | 1 Finecms | 2017-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters. | |||||
| CVE-2017-2222 | 1 Wp-members Project | 1 Wp-members | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2146 | 1 Cybozu | 1 Garoon | 2017-07-12 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. | |||||
| CVE-2016-9989 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555. | |||||
| CVE-2016-9988 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554. | |||||
| CVE-2016-9987 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553. | |||||
| CVE-2016-9986 | 1 Ibm | 1 Jazz Reporting Service | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552. | |||||
| CVE-2017-0017 | 1 Microsoft | 1 Edge | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068. | |||||
| CVE-2016-9990 | 1 Ibm | 1 Inotes | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998824. | |||||
| CVE-2017-2687 | 1 Siemens | 1 Ruggedcom Rox I | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link. | |||||
| CVE-2017-6864 | 1 Siemens | 1 Ruggedcom Rox I | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. | |||||
| CVE-2017-2645 | 1 Moodle | 1 Moodle | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. | |||||
| CVE-2017-3888 | 1 Cisco | 1 Unified Communications Manager | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242). | |||||
| CVE-2017-3874 | 1 Cisco | 1 Unified Communications Manager | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2). | |||||
| CVE-2017-3868 | 1 Cisco | 1 Unified Computing System Director | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0). | |||||
| CVE-2017-3866 | 1 Cisco | 1 Prime Service Catalog | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873 CSCvc79882 CSCvc79891. Known Affected Releases: 11.1.2. | |||||
| CVE-2017-6973 | 1 Mantisbt | 1 Mantisbt | 2017-07-12 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2. | |||||
| CVE-2017-5900 | 1 Netcomm | 2 Nb16wv-02, Nb16wv-02 Firmware | 2017-07-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm. | |||||
| CVE-2017-0055 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability." | |||||
| CVE-2017-1120 | 1 Ibm | 1 Websphere Portal | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152. | |||||
| CVE-2017-2644 | 1 Moodle | 1 Moodle | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Moodle 3.x, XSS can occur via evidence of prior learning. | |||||
| CVE-2017-7241 | 1 Mantisbt | 1 Mantisbt | 2017-07-12 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page. | |||||
| CVE-2017-2393 | 1 Apple | 1 Iphone Os | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site. | |||||
| CVE-2017-0107 | 1 Microsoft | 1 Sharepoint Foundation | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability." | |||||
| CVE-2017-7309 | 1 Mantisbt | 1 Mantisbt | 2017-07-12 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3. | |||||
| CVE-2017-6611 | 1 Cisco | 1 Prime Infrastructure | 2017-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCuw65830. | |||||
| CVE-2017-7409 | 1 Paloaltonetworks | 1 Pan-os | 2017-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. | |||||
| CVE-2017-3127 | 1 Fortinet | 1 Fortios | 2017-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | |||||
| CVE-2017-7897 | 1 Mantisbt | 1 Mantisbt | 2017-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | |||||
| CVE-2017-9313 | 1 Webmin | 1 Webmin | 2017-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840. | |||||
| CVE-2017-1217 | 1 Ibm | 1 Websphere Portal | 2017-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857 | |||||
| CVE-2017-1256 | 1 Ibm | 1 Security Guardium | 2017-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678 | |||||
| CVE-2017-1100 | 1 Ibm | 1 Rational Quality Manager | 2017-07-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661. | |||||
| CVE-2017-1320 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2017-07-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732. | |||||
| CVE-2017-1325 | 1 Ibm | 1 Inotes | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976. | |||||
| CVE-2016-9257 | 1 F5 | 1 Big-ip Access Policy Manager | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user. | |||||
| CVE-2017-4978 | 1 Rsa | 1 Adaptive Authentication \(on Premise\) | 2017-07-08 | 3.5 LOW | 5.4 MEDIUM |
| EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-4011 | 1 Mcafee | 1 Network Data Loss Prevention | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request. | |||||
| CVE-2017-3894 | 1 Blackberry | 2 Enterprise Service, Unified Endpoint Manager | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console. | |||||
| CVE-2017-6661 | 1 Cisco | 2 Content Security Management Appliance, Email Security Appliance | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. | |||||
| CVE-2017-6654 | 1 Cisco | 1 Unified Communications Manager | 2017-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608. | |||||
| CVE-2017-3128 | 1 Fortinet | 1 Fortios | 2017-07-08 | 3.5 LOW | 4.8 MEDIUM |
| A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | |||||
| CVE-2017-1104 | 1 Ibm | 1 Rational Quality Manager | 2017-07-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666. | |||||
| CVE-2017-1102 | 1 Ibm | 1 Rational Quality Manager | 2017-07-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663. | |||||
| CVE-2017-1101 | 1 Ibm | 1 Rational Quality Manager | 2017-07-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662. | |||||
| CVE-2017-7316 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2017-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. | |||||
| CVE-2017-6717 | 1 Cisco | 1 Firepower Management Center | 2017-07-07 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. | |||||
| CVE-2017-6716 | 1 Cisco | 1 Firepower Management Center | 2017-07-07 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases prior to 6.0.0.0. More Information: CSCuy88785. Known Affected Releases: 5.4.1.6. | |||||