Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1564 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php. | |||||
| CVE-2017-14313 | 1 Shibboleth Project | 1 Shibboleth | 2017-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg(). | |||||
| CVE-2015-5953 | 1 Owncloud | 1 Owncloud | 2017-11-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder. | |||||
| CVE-2015-5714 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags. | |||||
| CVE-2015-5734 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string. | |||||
| CVE-2015-5622 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2017-11-04 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php. | |||||
| CVE-2015-5732 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title. | |||||
| CVE-2016-6634 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-5490 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. | |||||
| CVE-2015-7989 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714. | |||||
| CVE-2016-7168 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename. | |||||
| CVE-2015-2665 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2017-11-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-8016 | 1 Emc | 1 Archer Grc Platform | 2017-11-03 | 3.5 LOW | 5.4 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-8017 | 1 Emc | 1 Smarts Network Configuration Manager | 2017-11-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-14498 | 1 Silverstripe | 1 Silverstripe | 2017-11-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | |||||
| CVE-2017-1000088 | 1 Jenkins | 1 Sidebar Link | 2017-11-02 | 3.5 LOW | 5.4 MEDIUM |
| The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links. | |||||
| CVE-2017-1000103 | 1 Jenkins | 1 Dry | 2017-11-01 | 3.5 LOW | 5.4 MEDIUM |
| The custom Details view of the Static Analysis Utilities based DRY Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | |||||
| CVE-2017-1000102 | 1 Jenkins | 1 Static Analysis Utilities | 2017-11-01 | 3.5 LOW | 5.4 MEDIUM |
| The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view. | |||||
| CVE-2014-0208 | 1 Theforeman | 1 Foreman | 2017-11-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name. | |||||
| CVE-2017-15360 | 1 Paessler | 1 Prtg Network Monitor | 2017-11-01 | 3.5 LOW | 5.4 MEDIUM |
| PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script. | |||||
| CVE-2017-15380 | 1 Softwarepublico | 1 E-sic | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. | |||||
| CVE-2017-15872 | 1 Phpwcms | 1 Phpwcms | 2017-10-31 | 3.5 LOW | 4.8 MEDIUM |
| phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. | |||||
| CVE-2012-4377 | 1 Mediawiki | 1 Mediawiki | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. | |||||
| CVE-2012-4378 | 1 Mediawiki | 1 Mediawiki | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php. | |||||
| CVE-2017-1521 | 1 Ibm | 1 Bigfix Platform | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831. | |||||
| CVE-2017-7733 | 1 Fortinet | 1 Fortios | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via the webUI "Login Disclaimer" redir parameter. | |||||
| CVE-2017-1000058 | 1 Chevereto | 1 Chevereto | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. | |||||
| CVE-2017-7203 | 1 Zoneminder | 1 Zoneminder | 2017-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2014-3531 | 1 Theforeman | 1 Foreman | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description. | |||||
| CVE-2017-15213 | 1 Flyspray | 1 Flyspray | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. | |||||
| CVE-2017-15214 | 1 Flyspray | 1 Flyspray | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | |||||
| CVE-2017-15215 | 1 Shaarli Project | 1 Shaarli | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users. | |||||
| CVE-2017-15216 | 1 Misp-project | 1 Misp | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. | |||||
| CVE-2017-15384 | 1 Phpjabbers | 1 Rate Me | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. | |||||
| CVE-2017-15287 | 1 Bouqueteditor Project | 1 Bouqueteditor | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | |||||
| CVE-2017-14973 | 1 Identicard | 1 Two-reader Controller Configuration Manager | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). | |||||
| CVE-2015-6521 | 1 Atutor | 1 Atutor | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | |||||
| CVE-2014-9677 | 1 Flowpaper | 1 Flexpaper | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter. | |||||
| CVE-2017-1209 | 1 Ibm | 1 Daeja Viewone | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123849. | |||||
| CVE-2017-14372 | 1 Rsa | 1 Archer Grc Platform | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-14370 | 1 Rsa | 1 Archer Grc Platform | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-14371 | 1 Rsa | 1 Archer Grc Platform | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-15278 | 1 Teampass | 1 Teampass | 2017-10-26 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2014-8087 | 1 Post Highlights Projects | 1 Post Highlights | 2017-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php. | |||||
| CVE-2017-1522 | 1 Ibm | 1 Content Navigator | 2017-10-25 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832. | |||||
| CVE-2017-15305 | 1 Nexusphp Project | 1 Nexusphp | 2017-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. | |||||
| CVE-2017-15279 | 1 Umbraco | 1 Umbraco Cms | 2017-10-25 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs. | |||||
| CVE-2017-15219 | 1 Dotcms | 1 Dotcms | 2017-10-25 | 3.5 LOW | 5.4 MEDIUM |
| The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | |||||
| CVE-2016-10515 | 1 Redmine | 1 Redmine | 2017-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. | |||||
| CVE-2017-15809 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. | |||||
