Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17832 | 1 Serverscheck | 1 Monitoring Software | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user-supplied data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). | |||||
| CVE-2017-1365 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126858. | |||||
| CVE-2017-18005 | 1 Exiv2 | 1 Exiv2 | 2018-01-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. | |||||
| CVE-2017-1000413 | 1 Linaro | 1 Op-tee | 2018-01-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key. | |||||
| CVE-2016-9266 | 1 Libming | 1 Libming | 2018-01-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| listmp3.c in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted mp3 file, which triggers an invalid left shift. | |||||
| CVE-2018-0800 | 1 Microsoft | 3 Chakracore, Edge, Windows 10 | 2018-01-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780. | |||||
| CVE-2017-1000462 | 1 Bookstackapp | 1 Bookstack | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of JavaScript code. | |||||
| CVE-2017-1000482 | 1 Plone | 1 Plone | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| A member of the Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page. | |||||
| CVE-2017-1000495 | 1 Quickappscms | 1 Quickapps Cms | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account. | |||||
| CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite version 5.2.4 is vulnerable to stored cross-site scripting, within the blog creation page, which can result in disruption of service and execution of JavaScript code. | |||||
| CVE-2017-1000478 | 1 Elabftw | 1 Elabftw | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. | |||||
| CVE-2018-5249 | 1 Shaarli Project | 1 Shaarli | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). | |||||
| CVE-2018-5076 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter. | |||||
| CVE-2018-5077 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter. | |||||
| CVE-2018-5078 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. | |||||
| CVE-2017-1000466 | 1 Invoiceninja | 1 Invoice Ninja | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting, within the invoice creation page, which can result in disruption of service and execution of JavaScript code. | |||||
| CVE-2017-1000491 | 1 Shiba Project | 1 Shiba | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. | |||||
| CVE-2017-18006 | 1 Extensis | 1 Portfolio Netpublish | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. | |||||
| CVE-2018-5074 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. | |||||
| CVE-2018-5072 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. | |||||
| CVE-2017-1673 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640. | |||||
| CVE-2018-5216 | 1 Radiantcms | 1 Radiant Cms | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. | |||||
| CVE-2018-5215 | 1 Fork-cms | 1 Fork Cms | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | |||||
| CVE-2018-5213 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. | |||||
| CVE-2018-5212 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. | |||||
| CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | |||||
| CVE-2017-17859 | 1 Samsung | 1 Internet Browser | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file. | |||||
| CVE-2017-1000442 | 1 Passbolt | 1 Passbolt Api | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Passbolt API version 1.6.4 and older are vulnerable to an XSS in the url field on the password workspace. | |||||
| CVE-2017-15591 | 1 Xen | 1 Xen | 2018-01-16 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. | |||||
| CVE-2016-8939 | 1 Ibm | 1 Tivoli Storage Manager | 2018-01-16 | 2.1 LOW | 5.5 MEDIUM |
| IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. | |||||
| CVE-2017-7395 | 1 Tigervnc | 1 Tigervnc | 2018-01-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. | |||||
| CVE-2017-15537 | 1 Linux | 1 Linux Kernel | 2018-01-13 | 2.1 LOW | 5.5 MEDIUM |
| The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. | |||||
| CVE-2018-5075 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-12 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter. | |||||
| CVE-2017-1727 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. | |||||
| CVE-2017-1664 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557. | |||||
| CVE-2017-17649 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2018-01-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | |||||
| CVE-2017-17089 | 1 Webmin | 1 Webmin | 2018-01-12 | 3.5 LOW | 4.8 MEDIUM |
| custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | |||||
| CVE-2017-6134 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2018-01-12 | 3.3 LOW | 6.5 MEDIUM |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash. | |||||
| CVE-2017-9554 | 1 Synology | 1 Diskstation Manager | 2018-01-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. | |||||
| CVE-2017-12811 | 1 Stivasoft | 1 Phpjabbers Star Rating Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | |||||
| CVE-2017-12810 | 1 Stivasoft | 1 Phpjabbers Newsletter Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | |||||
| CVE-2017-12812 | 1 Stivasoft | 1 Phpjabbers Night Club Booking Software | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | |||||
| CVE-2017-12813 | 1 Stivasoft | 1 Phpjabbers File Sharing Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | |||||
| CVE-2017-18012 | 1 Z-url Preview Project | 1 Z-url Preview | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter. | |||||
| CVE-2017-18004 | 1 Zurmo | 1 Zurmo Crm | 2018-01-11 | 3.5 LOW | 5.4 MEDIUM |
| Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | |||||
| CVE-2015-7324 | 1 Stackideas | 1 Komento | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment. | |||||
| CVE-2017-17911 | 1 Archon | 1 Archon | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. | |||||
| CVE-2017-17869 | 1 Mgl-instagram-gallery Project | 1 Mgl-instagram-gallery | 2018-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. | |||||
| CVE-2014-4978 | 2 Fedoraproject, Rawstudio | 2 Fedora, Rawstudio | 2018-01-10 | 3.6 LOW | 5.5 MEDIUM |
| The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | |||||
| CVE-2017-17909 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2018-01-10 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. | |||||
