Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4856 | 1 Splunk | 1 Splunk | 2017-05-19 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2122 | 1 Tenable | 1 Nessus | 2017-05-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4880 | 1 Basercms | 1 Basercms | 2017-05-18 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4883 | 1 Basercms | 1 Basercms | 2017-05-18 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-8892 | 1 Opentext | 1 Tempo Box | 2017-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | |||||
| CVE-2017-8304 | 1 Accellion | 1 File Transfer Appliance | 2017-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. | |||||
| CVE-2017-8760 | 1 Accellion | 1 File Transfer Appliance | 2017-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding. | |||||
| CVE-2017-8795 | 1 Accellion | 1 File Transfer Appliance | 2017-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter. | |||||
| CVE-2017-8792 | 1 Accellion | 1 File Transfer Appliance | 2017-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. | |||||
| CVE-2017-8801 | 1 Trendmicro | 1 Officescan | 2017-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. | |||||
| CVE-2017-8778 | 1 Gitlab | 1 Gitlab | 2017-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | |||||
| CVE-2017-8763 | 1 Telaxius | 1 Epesi | 2017-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter. | |||||
| CVE-2017-7887 | 1 Dolibarr | 1 Dolibarr | 2017-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | |||||
| CVE-2016-6037 | 1 Ibm | 2 Rational Quality Manager, Rational Team Concert | 2017-05-15 | 3.5 LOW | 4.8 MEDIUM |
| IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918. | |||||
| CVE-2016-6035 | 1 Ibm | 2 Rational Quality Manager, Rational Team Concert | 2017-05-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896. | |||||
| CVE-2016-5888 | 1 Ibm | 1 Interact | 2017-05-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 115084. | |||||
| CVE-2016-3032 | 1 Ibm | 1 Cognos Analytics | 2017-05-15 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516. | |||||
| CVE-2016-4888 | 1 Zohocorp | 1 Servicedesk Plus | 2017-05-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7430 | 2 Netiq, Novell | 2 Imanager, Imanager | 2017-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. | |||||
| CVE-2015-9057 | 1 Proxmox | 1 Proxmox Mail Gateway | 2017-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. | |||||
| CVE-2016-0255 | 1 Ibm | 1 Marketing Platform | 2017-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. | |||||
| CVE-2017-8762 | 1 Genixcms | 1 Genixcms | 2017-05-12 | 3.5 LOW | 5.4 MEDIUM |
| GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element. | |||||
| CVE-2017-8780 | 1 Genixcms | 1 Genixcms | 2017-05-12 | 3.5 LOW | 4.8 MEDIUM |
| GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element. | |||||
| CVE-2017-8384 | 1 Craftcms | 1 Craft Cms | 2017-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. | |||||
| CVE-2017-8376 | 1 Genixcms | 1 Genixcms | 2017-05-10 | 3.5 LOW | 5.4 MEDIUM |
| GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. | |||||
| CVE-2017-8302 | 1 Blueriver | 1 Muracms | 2017-05-10 | 3.5 LOW | 5.4 MEDIUM |
| Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm. | |||||
| CVE-2017-2106 | 1 Webmin | 1 Webmin | 2017-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7271 | 1 Yii Software | 1 Yii | 2017-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. | |||||
| CVE-2017-2148 | 1 Iodata | 2 Wn-ac1167gr, Wn-ac1167gr Firmware | 2017-05-05 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2151 | 1 Booking Calendar Project | 1 Booking Calendar | 2017-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2136 | 1 Wp Statistics | 1 Wp Statistics | 2017-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | |||||
| CVE-2017-2127 | 1 Yourownprogrammer | 1 Yop Poll | 2017-05-05 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-7841 | 1 Olive Design | 1 Olive Diary Dx | 2017-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2016-7839 | 1 Olive Design | 1 Olive Blog | 2017-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2017-2123 | 1 Onethird | 1 Onethird Cms | 2017-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. | |||||
| CVE-2017-2114 | 1 Cybozu | 1 Office | 2017-05-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7987 | 1 Joomla | 1 Joomla\! | 2017-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. | |||||
| CVE-2017-8298 | 1 Cnvs | 1 Canvas | 2017-05-03 | 3.5 LOW | 5.4 MEDIUM |
| cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. | |||||
| CVE-2016-8924 | 1 Ibm | 1 Maximo Asset Management | 2017-05-03 | 4.3 MEDIUM | 5.6 MEDIUM |
| IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537. | |||||
| CVE-2017-2092 | 1 Cybozu | 1 Garoon | 2017-05-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-5191 | 1 Netiq | 1 Access Manager | 2017-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | |||||
| CVE-2017-7986 | 1 Joomla | 1 Joomla\! | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. | |||||
| CVE-2017-2118 | 1 Wbce | 1 Wbce Cms | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7984 | 1 Joomla | 1 Joomla\! | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. | |||||
| CVE-2017-7386 | 1 Symetrie Project | 1 Symetrie | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). | |||||
| CVE-2016-9723 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2017-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534. | |||||
| CVE-2017-7590 | 1 Openidm Project | 1 Openidm | 2017-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. | |||||
| CVE-2016-6334 | 1 Mediawiki | 1 Mediawiki | 2017-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links. | |||||
| CVE-2016-6333 | 1 Mediawiki | 1 Mediawiki | 2017-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css. | |||||
| CVE-2017-8085 | 1 Exponentcms | 1 Exponent Cms | 2017-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | |||||