Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0533 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2017-12-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0532. | |||||
| CVE-2017-17451 | 1 Wpmailster | 1 Wp Mailster | 2017-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. | |||||
| CVE-2017-17431 | 1 Genixcms | 1 Genixcms | 2017-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765. | |||||
| CVE-2017-17569 | 1 Scubez | 1 Posty Readymade Classifieds | 2017-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. | |||||
| CVE-2017-16681 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2017-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. | |||||
| CVE-2017-16685 | 1 Sap | 1 Business Warehouse Universal Data Integration | 2017-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs. | |||||
| CVE-2017-17096 | 1 Content Cards Project | 1 Content Cards | 2017-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. | |||||
| CVE-2017-17057 | 1 Zkteco | 1 Zktime Web | 2017-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browser in the context of the vulnerable application. | |||||
| CVE-2017-17694 | 1 Techno - Portfolio Management Panel Project | 1 Techno - Portfolio Management Panel | 2017-12-21 | 3.5 LOW | 5.4 MEDIUM |
| Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. | |||||
| CVE-2017-14379 | 1 Emc | 1 Rsa Authentication Manager | 2017-12-20 | 3.5 LOW | 5.4 MEDIUM |
| EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-1549 | 1 Ibm | 1 Sterling File Gateway | 2017-12-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289. | |||||
| CVE-2017-10896 | 1 Buffalo | 4 Bbr-4hg, Bbr-4hg Firmware, Bbr-4mg and 1 more | 2017-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2156 | 1 Plume-cms | 1 Plume Cms | 2017-12-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section. | |||||
| CVE-2017-17059 | 1 Amtythumb Project | 1 Amtythumb | 2017-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. | |||||
| CVE-2017-14516 | 1 Sap | 1 Businessobjects Financial Consolidation | 2017-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | |||||
| CVE-2017-1482 | 1 Ibm | 1 Sterling B2b Integrator | 2017-12-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620. | |||||
| CVE-2017-1465 | 1 Ibm | 1 Tririga Application Platform | 2017-12-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464. | |||||
| CVE-2017-1498 | 1 Ibm | 1 Connections | 2017-12-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020. | |||||
| CVE-2017-1354 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2017-12-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681. | |||||
| CVE-2017-16856 | 1 Atlassian | 1 Confluence | 2017-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme. | |||||
| CVE-2012-0740 | 1 Ibm | 1 Tivoli Directory Server | 2017-12-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2404 | 1 Wordpress | 1 Wordpress | 2017-12-19 | 4.3 MEDIUM | N/A |
| wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2012-2403 | 1 Wordpress | 1 Wordpress | 2017-12-19 | 4.3 MEDIUM | N/A |
| wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2014-0331 | 1 Fortinet | 9 Fortiadc-1000e, Fortiadc-1500d, Fortiadc-2000d and 6 more | 2017-12-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/. | |||||
| CVE-2014-0509 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2017-12-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2856 | 1 Apple | 1 Cups | 2017-12-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. | |||||
| CVE-2017-17043 | 1 Zitec | 1 Emag Marketplace Connector | 2017-12-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. | |||||
| CVE-2017-3104 | 2 Adobe, Microsoft | 2 Robohelp, Windows | 2017-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. | |||||
| CVE-2017-16841 | 1 Lansweeper | 1 Lansweeper | 2017-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. | |||||
| CVE-2017-14197 | 1 Squiz | 1 Matrix | 2017-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins. | |||||
| CVE-2017-11287 | 1 Adobe | 1 Connect | 2017-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||||
| CVE-2017-11289 | 1 Adobe | 1 Connect | 2017-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||||
| CVE-2017-11296 | 1 Adobe | 1 Experience Manager | 2017-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | |||||
| CVE-2017-11288 | 1 Adobe | 1 Connect | 2017-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||||
| CVE-2017-3109 | 1 Adobe | 1 Experience Manager | 2017-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. | |||||
| CVE-2012-1245 | 1 Osqa | 1 Osqa | 2017-12-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the cleanup_urls function in forum/utils/html.py in OSQA before 1234, and 0.9.0 Beta 3 and earlier, allows remote attackers to inject arbitrary web script or HTML via vectors related to a crafted URI. | |||||
| CVE-2012-2001 | 1 Hp | 1 Snmp Agents For Linux | 2017-12-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2234 | 1 Teampass | 1 Teampass | 2017-12-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action. | |||||
| CVE-2017-2135 | 1 Wp-statistics | 1 Wp Statistics | 2017-12-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-8178 | 1 Huawei | 2 Vicky-al00, Vicky-al00 Firmware | 2017-12-12 | 3.5 LOW | 5.4 MEDIUM |
| Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to access this email that triggers execution of the code. An exploit could allow the attacker to execute arbitrary script code on the affected device. | |||||
| CVE-2017-16962 | 1 Communigate | 1 Communigate Pro | 2017-12-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component. | |||||
| CVE-2017-16904 | 1 Lvyecms Project | 1 Lvyecms | 2017-12-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator. | |||||
| CVE-2017-16881 | 1 Symphony Project | 1 Symphony | 2017-12-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java. | |||||
| CVE-2017-8139 | 1 Huawei | 1 Hedex Lite | 2017-12-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users. | |||||
| CVE-2017-8127 | 1 Huawei | 1 Uma | 2017-12-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | |||||
| CVE-2017-8125 | 1 Huawei | 1 Uma | 2017-12-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | |||||
| CVE-2009-3742 | 1 Liferay | 1 Liferay Portal | 2017-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter. | |||||
| CVE-2009-2851 | 1 Wordpress | 1 Wordpress | 2017-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL. | |||||
| CVE-2015-0882 | 1 Zen-cart | 1 Zen Cart | 2017-12-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php. | |||||
| CVE-2017-15051 | 1 Teampass | 1 Teampass | 2017-12-07 | 3.5 LOW | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS'ed. | |||||