Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8953 | 1 Hp | 2 Loadrunner, Performance Center | 2018-03-07 | 3.5 LOW | 5.4 MEDIUM |
| A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found. | |||||
| CVE-2018-0869 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2018-03-07 | 3.5 LOW | 5.4 MEDIUM |
| SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | |||||
| CVE-2018-2364 | 1 Sap | 2 Customer Relationship Management Webclient Ui, S4fnd | 2018-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2017-14536 | 1 Netfortris | 1 Trixbox | 2018-03-06 | 3.5 LOW | 5.4 MEDIUM |
| trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php. | |||||
| CVE-2017-18091 | 1 Atlassian | 2 Crucible, Fisheye | 2018-03-06 | 3.5 LOW | 4.8 MEDIUM |
| The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup. | |||||
| CVE-2017-18090 | 1 Atlassian | 1 Fisheye | 2018-03-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author. | |||||
| CVE-2017-18089 | 1 Atlassian | 1 Crucible | 2018-03-06 | 3.5 LOW | 5.4 MEDIUM |
| The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review. | |||||
| CVE-2018-7260 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-03-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2018-6506 | 1 Minibb | 1 Minibb | 2018-03-06 | 3.5 LOW | 4.8 MEDIUM |
| Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field. | |||||
| CVE-2018-6890 | 1 Wolfcms | 1 Wolf Cms | 2018-03-06 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. | |||||
| CVE-2017-18175 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1. | |||||
| CVE-2017-18177 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1. | |||||
| CVE-2017-18176 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1. | |||||
| CVE-2016-8522 | 1 Hp | 1 Diagnostics | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found. | |||||
| CVE-2018-1000062 | 1 Wondercms | 1 Wondercms | 2018-03-05 | 3.5 LOW | 4.4 MEDIUM |
| WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml', that can result in an attacker executing arbitrary script in an unsuspecting user's browser. This attack appears to be exploitable via a crafted SVG file. | |||||
| CVE-2016-8517 | 1 Hp | 1 Systems Insight Manager | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | |||||
| CVE-2018-7197 | 1 Pluck-cms | 1 Pluck | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. | |||||
| CVE-2018-7280 | 1 Ninjaforms | 1 Ninja Forms | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | |||||
| CVE-2017-16356 | 1 Kubik-rubik | 1 Simple Image Gallery Extended | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter. | |||||
| CVE-2018-6193 | 1 Routers2 Project | 1 Routers2 | 2018-03-03 | 2.6 LOW | 4.7 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl. | |||||
| CVE-2017-12544 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2018-03-02 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2018-6866 | 1 Learning And Examination Management System Script Project | 1 Learning And Examination Management System Script | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. | |||||
| CVE-2018-6867 | 1 Alibaba Clone Script Project | 1 Alibaba Clone Script | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. | |||||
| CVE-2018-6868 | 1 Groupon Clone Script Project | 1 Groupon Clone Script | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. | |||||
| CVE-2016-8532 | 1 Hp | 1 Matrix Operating Environment | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found. | |||||
| CVE-2018-1000020 | 1 Open-emr | 1 Openemr | 2018-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher. | |||||
| CVE-2018-6795 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field. | |||||
| CVE-2018-6878 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. | |||||
| CVE-2018-6468 | 1 Flickrrss Project | 1 Flickrrss | 2018-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php. | |||||
| CVE-2018-6466 | 1 Flickrrss Project | 1 Flickrrss | 2018-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php. | |||||
| CVE-2018-6469 | 1 Flickrrss Project | 1 Flickrrss | 2018-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php. | |||||
| CVE-2018-5306 | 1 Sonatype | 1 Nexus Repository Manager | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. | |||||
| CVE-2018-6824 | 1 Cozy | 1 Cozy | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"attacker@example.com"' request, which can be followed by a password reset. | |||||
| CVE-2012-0941 | 1 Fortinet | 1 Fortios | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list. | |||||
| CVE-2012-6346 | 1 Fortinet | 1 Fortiweb | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate. | |||||
| CVE-2018-5307 | 1 Sonatype | 1 Nexus Repository Manager | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. | |||||
| CVE-2018-6891 | 1 Ladela | 1 Bookly | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. | |||||
| CVE-2012-6347 | 1 Fortinet | 1 Fortidb | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf. | |||||
| CVE-2018-2383 | 1 Sap | 1 Internet Graphics Server | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | |||||
| CVE-2018-2388 | 1 Sap | 1 Internet Graphics Server | 2018-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | |||||
| CVE-2017-1000506 | 1 Mautic | 1 Mautic | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code. | |||||
| CVE-2017-1000510 | 1 Croogo | 1 Croogo | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code. | |||||
| CVE-2017-1000509 | 1 Dolibarr | 1 Dolibarr | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. | |||||
| CVE-2017-1000508 | 1 Invoiceplane | 1 Invoiceplane | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of javascript code. This vulnerability appears to have been fixed in 1.5.5 and later. | |||||
| CVE-2017-1000507 | 1 Cnvs | 1 Canvas | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of javascript code. | |||||
| CVE-2018-6796 | 1 Multilanguage Real Estate Mlm Script Project | 1 Multilanguage Real Estate Mlm Script | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. | |||||
| CVE-2018-6655 | 1 Doctor Search Script Project | 1 Doctor Search Script | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. | |||||
| CVE-2017-1761 | 1 Ibm | 1 Websphere Portal | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005. | |||||
| CVE-2018-1382 | 1 Ibm | 1 Api Connect | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079. | |||||
| CVE-2018-6864 | 1 Multireligion Responsive Matrimonial Project | 1 Multireligion Responsive Matrimonial | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. | |||||
