Total: 20468 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0195 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2018-01-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name. | |||||
| CVE-2011-1395 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2018-01-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter. | |||||
| CVE-2011-4819 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2018-01-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/. | |||||
| CVE-2011-1396 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2018-01-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component. | |||||
| CVE-2017-17988 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | |||||
| CVE-2017-17986 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | |||||
| CVE-2017-17985 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | |||||
| CVE-2017-17984 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | |||||
| CVE-2017-17981 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | |||||
| CVE-2017-17940 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. | |||||
| CVE-2017-17938 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2018-01-09 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | |||||
| CVE-2017-17904 | 1 Fortunescripts | 1 Lynda Clone | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. | |||||
| CVE-2017-17893 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2018-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. | |||||
| CVE-2017-17868 | 1 Liferay | 1 Liferay Portal | 2018-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | |||||
| CVE-2017-17907 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. | |||||
| CVE-2017-17896 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2018-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Readymade Job Site Script has XSS via the keyword parameter to the /job URI. | |||||
| CVE-2017-17994 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | |||||
| CVE-2017-17995 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | |||||
| CVE-2017-17993 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | |||||
| CVE-2017-17991 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | |||||
| CVE-2017-17989 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | |||||
| CVE-2017-17719 | 1 Olyos | 1 Wp-concours | 2018-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php. | |||||
| CVE-2017-17744 | 1 Webdesi9 | 1 Custom Map | 2018-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php. | |||||
| CVE-2017-17752 | 1 Codecrafters | 1 Ability Mail Server | 2018-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4. | |||||
| CVE-2011-4541 | 1 Hastymail | 1 Hastymail2 | 2018-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action. | |||||
| CVE-2011-4540 | 1 Atmail | 1 Atmail Open | 2018-01-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php. | |||||
| CVE-2012-0225 | 1 Invensys | 1 Wonderware Information Server | 2018-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1512 | 1 Vmware | 1 Vsphere | 2018-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry. | |||||
| CVE-2017-1751 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2018-01-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546. | |||||
| CVE-2011-4955 | 1 Bsuite Project | 1 Bsuite | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php. | |||||
| CVE-2017-17745 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2018-01-05 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary JavaScript via the 'sysName' parameter. | |||||
| CVE-2017-17775 | 1 Piwigo | 1 Piwigo | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. | |||||
| CVE-2017-17753 | 1 Csv-import-export Project | 1 Csv-import-export | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php. | |||||
| CVE-2013-6465 | 1 Redhat | 1 Jbpm | 2018-01-05 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | |||||
| CVE-2017-12630 | 1 Apache | 1 Drill | 2018-01-05 | 3.5 LOW | 5.4 MEDIUM |
| In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML, which will take effect on the Profile page afterwards. Example: after submitting a special script that returns cookie information from the Query page, a malicious user may obtain this information from the Profile page afterwards. | |||||
| CVE-2017-5006 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2017-5007 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2017-7400 | 1 Openstack | 1 Horizon | 2018-01-05 | 3.5 LOW | 4.8 MEDIUM |
| OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. | |||||
| CVE-2017-5010 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2017-5020 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2017-5018 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | |||||
| CVE-2017-5008 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2017-5085 | 2 Apple, Google | 2 Iphone Os, Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark. | |||||
| CVE-2016-6320 | 1 Theforeman | 1 Foreman | 2018-01-05 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form. | |||||
| CVE-2016-7033 | 1 Redhat | 1 Jboss Bpm Suite | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5207 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. | |||||
| CVE-2016-5181 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. | |||||
| CVE-2016-5191 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. | |||||
| CVE-2016-5204 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2016-5205 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
