Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1553 | 1 Ibm | 1 Infosphere Biginsights | 2017-11-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397. | |||||
| CVE-2017-1552 | 1 Ibm | 1 Infosphere Biginsights | 2017-11-16 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396. | |||||
| CVE-2017-1290 | 1 Ibm | 1 Openpages Grc Platform | 2017-11-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151. | |||||
| CVE-2017-1147 | 1 Ibm | 1 Openpages Grc Platform | 2017-11-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200. | |||||
| CVE-2016-3048 | 1 Ibm | 1 Openpages Grc Platform | 2017-11-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711. | |||||
| CVE-2012-4567 | 1 Letodms Project | 1 Letodms | 2017-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php. | |||||
| CVE-2017-1000149 | 1 Mahara | 1 Mahara | 2017-11-15 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()) | |||||
| CVE-2017-1000146 | 1 Mahara | 1 Mahara | 2017-11-15 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages. | |||||
| CVE-2017-1000144 | 1 Mahara | 1 Mahara | 2017-11-15 | 3.5 LOW | 4.8 MEDIUM |
| Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages. | |||||
| CVE-2017-1000140 | 1 Mahara | 1 Mahara | 2017-11-15 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file. | |||||
| CVE-2017-1000138 | 1 Mahara | 1 Mahara | 2017-11-15 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title. | |||||
| CVE-2017-1000137 | 1 Mahara | 1 Mahara | 2017-11-15 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop). | |||||
| CVE-2017-1000132 | 1 Mahara | 1 Mahara | 2017-11-15 | 3.5 LOW | 4.8 MEDIUM |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file. | |||||
| CVE-2017-5673 | 1 Kunena | 1 Kunena | 2017-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5. | |||||
| CVE-2017-15863 | 1 Wp No External Links Project | 1 Wp No External Links | 2017-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. | |||||
| CVE-2017-15885 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2017-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214. | |||||
| CVE-2017-15810 | 1 Popcash | 1 Popcash.net Code Integration Tool | 2017-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php. | |||||
| CVE-2017-15867 | 1 User-login-history Project | 1 User-login-history | 2017-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php. | |||||
| CVE-2012-4569 | 1 Letodms Project | 1 Letodms | 2017-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-15936 | 1 Artica | 1 Pandora Fms | 2017-11-14 | 3.5 LOW | 5.4 MEDIUM |
| In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed. | |||||
| CVE-2017-15934 | 1 Artica | 1 Pandora Fms | 2017-11-14 | 3.5 LOW | 5.4 MEDIUM |
| Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. | |||||
| CVE-2017-15878 | 1 Keystonejs | 1 Keystone | 2017-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. | |||||
| CVE-2017-15811 | 1 Pootlepress | 1 Pootle Button | 2017-11-14 | 3.5 LOW | 5.4 MEDIUM |
| The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php. | |||||
| CVE-2017-1363 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-11-13 | 3.5 LOW | 5.4 MEDIUM |
| IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856. | |||||
| CVE-2017-1164 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-11-13 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036. | |||||
| CVE-2017-1169 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-11-13 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188. | |||||
| CVE-2016-3049 | 1 Ibm | 1 Openpages Grc Platform | 2017-11-13 | 3.5 LOW | 5.4 MEDIUM |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712. | |||||
| CVE-2016-1000115 | 1 Huge-it | 1 Portfolio Gallery Manager | 2017-11-13 | 6.5 MEDIUM | 7.2 HIGH |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
| CVE-2017-15273 | 1 Mahara | 1 Mahara | 2017-11-13 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts. | |||||
| CVE-2017-14752 | 1 Mahara | 1 Mahara | 2017-11-13 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara. | |||||
| CVE-2017-14354 | 1 Hp | 1 Ucmdb Foundation Software | 2017-11-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting. | |||||
| CVE-2017-14726 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | |||||
| CVE-2017-14721 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | |||||
| CVE-2017-14720 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | |||||
| CVE-2017-14718 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | |||||
| CVE-2017-14724 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | |||||
| CVE-2011-2461 | 1 Adobe | 1 Flex Sdk | 2017-11-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains. | |||||
| CVE-2017-15646 | 1 Webmin | 1 Webmin | 2017-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element. | |||||
| CVE-2010-1023 | 1 Taskcenter Recent Project | 1 Taskcenter Recent | 2017-11-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2274 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2017-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-15648 | 1 Phpsugar | 1 Php Melody | 2017-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. | |||||
| CVE-2017-15612 | 1 Mistune Project | 1 Mistune | 2017-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | |||||
| CVE-2017-15291 | 1 Tp-link | 2 Tl-mr3220, Tl-mr3220 Firmware | 2017-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field. | |||||
| CVE-2010-3659 | 1 Typo3 | 1 Typo3 | 2017-11-07 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms. | |||||
| CVE-2014-0029 | 1 Redhat | 1 Subscription Asset Manager | 2017-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2017-15362 | 1 Osticket | 1 Osticket | 2017-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176. | |||||
| CVE-2017-8024 | 1 Emc | 1 Isilon Onefs | 2017-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-15375 | 1 Wpjobboard | 1 Wpjobboard | 2017-11-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need a privileged user account to perform a successful exploitation. | |||||
| CVE-2017-1503 | 1 Ibm | 1 Websphere Application Server | 2017-11-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. | |||||
| CVE-2017-5488 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. | |||||