Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6862 | 1 Bitcoin Mlm Project | 1 Bitcoin Mlm | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. | |||||
| CVE-2018-1401 | 1 Ibm | 1 Websphere Portal | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437. | |||||
| CVE-2018-6844 | 1 Mybb | 1 Mybb | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. | |||||
| CVE-2018-6834 | 1 Etherpad | 1 Etherpad Lite | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href. | |||||
| CVE-2015-2329 | 1 Woocommerce | 1 Woocommerce | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. | |||||
| CVE-2015-3618 | 1 Nagios | 1 Business Process Intelligence | 2018-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php. | |||||
| CVE-2015-3619 | 1 Virtuemart | 1 Virtuemart | 2018-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company." | |||||
| CVE-2018-6291 | 1 Kaspersky | 1 Secure Mail Gateway | 2018-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. | |||||
| CVE-2017-5124 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | |||||
| CVE-2017-8783 | 1 Synacor | 1 Zimbra Collaboration Suite | 2018-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS. | |||||
| CVE-2017-17703 | 1 Synacor | 1 Zimbra Collaboration Suite | 2018-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS. | |||||
| CVE-2016-6319 | 1 Theforeman | 1 Foreman | 2018-02-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter. | |||||
| CVE-2013-6459 | 1 Mislav Marohnic | 1 Will Paginate | 2018-02-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. | |||||
| CVE-2018-6355 | 1 Iball | 2 Ib-wrb302n, Ib-wrb302n Firmware | 2018-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter. | |||||
| CVE-2016-4317 | 1 Atlassian | 1 Confluence | 2018-02-16 | 3.5 LOW | 5.4 MEDIUM |
| Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | |||||
| CVE-2016-4318 | 1 Atlassian | 1 Jira | 2018-02-16 | 3.5 LOW | 4.8 MEDIUM |
| Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | |||||
| CVE-2018-6354 | 1 Formspree | 1 Formspree | 2018-02-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. | |||||
| CVE-2018-6465 | 1 Wp-property-hive | 1 Propertyhive | 2018-02-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. | |||||
| CVE-2017-18083 | 1 Atlassian | 1 Confluence | 2018-02-15 | 3.5 LOW | 5.4 MEDIUM |
| The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | |||||
| CVE-2018-6561 | 1 Dojotoolkit | 1 Dojo | 2018-02-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. | |||||
| CVE-2016-0303 | 1 Ibm | 1 Tivoli Integrated Portal | 2018-02-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-6194 | 1 Splashing Images Project | 1 Splashing Images | 2018-02-14 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php. | |||||
| CVE-2016-0311 | 1 Ibm | 1 Tivoli Business Service Manager | 2018-02-14 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111480. | |||||
| CVE-2018-0508 | 1 Kkcald Project | 1 Kkcald | 2018-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-6550 | 1 Monstra | 1 Monstra | 2018-02-14 | 3.5 LOW | 5.4 MEDIUM |
| Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. | |||||
| CVE-2018-6545 | 1 Ipswitch | 1 Moveit | 2018-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks. | |||||
| CVE-2017-14190 | 1 Fortinet | 1 Fortios | 2018-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows an attacker to inject arbitrary web script or HTML via a maliciously crafted "Host" header in user HTTP requests. | |||||
| CVE-2018-6377 | 1 Joomla | 1 Joomla! | 2018-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox. | |||||
| CVE-2017-18082 | 1 Atlassian | 1 Bamboo | 2018-02-13 | 3.5 LOW | 5.4 MEDIUM |
| The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | |||||
| CVE-2018-6380 | 1 Joomla | 1 Joomla! | 2018-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. | |||||
| CVE-2018-6379 | 1 Joomla | 1 Joomla! | 2018-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. | |||||
| CVE-2017-2743 | 1 Hp | 175 2a68a, 2a68a Firmware, 2a69a and 172 more | 2018-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack. | |||||
| CVE-2018-5967 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2018-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. | |||||
| CVE-2017-1000389 | 1 Jenkins | 1 Global-build-stats | 2018-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability. | |||||
| CVE-2018-5962 | 1 Centos-webpanel | 1 Centos Web Panel | 2018-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | |||||
| CVE-2017-1653 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2018-02-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6.0.x) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133268. | |||||
| CVE-2018-5961 | 1 Centos-webpanel | 1 Centos Web Panel | 2018-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | |||||
| CVE-2018-6190 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2018-02-09 | 3.5 LOW | 5.4 MEDIUM |
| Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. | |||||
| CVE-2018-5705 | 1 Reservo | 1 Image Hosting | 2018-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed. | |||||
| CVE-2017-1000404 | 1 Jenkins | 1 Delivery Pipeline | 2018-02-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. | |||||
| CVE-2018-6313 | 1 Wbce | 1 Wbce Cms | 2018-02-08 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. | |||||
| CVE-2017-2746 | 1 Hp | 1 Jetadvantage Security Manager | 2018-02-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service. | |||||
| CVE-2017-1506 | 1 Ibm | 1 Cognos Tm1 | 2018-02-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617. | |||||
| CVE-2017-1563 | 1 Ibm | 1 Rational Doors | 2018-02-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763. | |||||
| CVE-2017-1540 | 1 Ibm | 1 Rational Doors | 2018-02-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808. | |||||
| CVE-2017-1532 | 1 Ibm | 1 Rational Doors | 2018-02-08 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411. | |||||
| CVE-2018-5965 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-02-07 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | |||||
| CVE-2018-5964 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-02-07 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | |||||
| CVE-2018-5963 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-02-07 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | |||||
| CVE-2018-6001 | 1 Webartisan | 1 Soundy Audio Playlist | 2018-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). | |||||
