Total: 20468 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6540 | 1 Webpagetest Project | 1 Webpagetest | 2017-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (configs) passed to the webpagetest-master/www/benchmarks/compare.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-5621 | 1 Zammad | 1 Zammad | 2017-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API. | |||||
| CVE-2016-0770 | 1 Zahmit Design | 1 Connections Business Directory Plugin | 2017-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable. | |||||
| CVE-2017-6061 | 1 Sap | 1 Businessobjects Financial Consolidation | 2017-03-16 | 4.3 MEDIUM | 4.7 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. | |||||
| CVE-2017-6443 | 1 Epson | 1 Tmnet Webconfig | 2017-03-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. | |||||
| CVE-2016-8011 | 1 Intel Security Mcafee | 1 Endpoint Security Web Control | 2017-03-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site. | |||||
| CVE-2017-6877 | 1 Lutim Project | 1 Lutim | 2017-03-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script. | |||||
| CVE-2016-8232 | 1 Ibm | 3 Advanced Management Module, Advanced Management Module Firmware, Bladecenter | 2017-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Document Object Model (DOM)-based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. | |||||
| CVE-2017-6807 | 1 Uninett | 1 Mod Auth Mellon | 2017-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. | |||||
| CVE-2014-3926 | 1 Lg Project | 1 Lg | 2017-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter. | |||||
| CVE-2017-6503 | 1 Qbittorrent | 1 Qbittorrent | 2017-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | |||||
| CVE-2016-9006 | 1 Ibm | 1 Urbancode Deploy | 2017-03-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264. | |||||
| CVE-2017-6544 | 1 Wuhu Project | 1 Wuhu | 2017-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter). | |||||
| CVE-2017-6589 | 1 Epiceditor Project | 1 Epiceditor | 2017-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document. | |||||
| CVE-2017-6511 | 1 Finecms Project | 1 Finecms | 2017-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. | |||||
| CVE-2016-4946 | 1 Cloudera | 1 Hue | 2017-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page. | |||||
| CVE-2016-4948 | 1 Cloudera | 1 Manager | 2017-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect. | |||||
| CVE-2017-6446 | 1 Dotclear | 1 Dotclear | 2017-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. | |||||
| CVE-2017-6483 | 1 Atutor | 1 Atutor | 2017-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6481 | 1 Phpipam | 1 Phpipam | 2017-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6480 | 1 Groovel Project | 1 Cmsgroovel | 2017-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter). | |||||
| CVE-2017-6479 | 1 Fenix Hosting | 1 Fenix-open-source | 2017-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter). | |||||
| CVE-2017-6509 | 1 Burgundy-cms Project | 1 Burgundy-cms | 2017-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter). | |||||
| CVE-2016-9148 | 1 Ca | 1 Service Desk Manager | 2017-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter. | |||||
| CVE-2017-6485 | 1 Php-calendar | 1 Php-calendar | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-10202 | 1 Zoneminder | 1 Zoneminder | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. | |||||
| CVE-2016-10201 | 1 Zoneminder | 1 Zoneminder | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. | |||||
| CVE-2015-8815 | 1 Umbraco | 1 Umbraco | 2017-03-07 | 5.0 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. | |||||
| CVE-2017-5616 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. | |||||
| CVE-2017-5832 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | |||||
| CVE-2017-6390 | 1 Soruly | 1 Whatanime.ga | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6396 | 1 Webpagetest Project | 1 Webpagetest | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-5833 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2017-3847 | 1 Cisco | 1 Firepower Management Center | 2017-03-07 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releases: 6.2.1. | |||||
| CVE-2017-6391 | 1 Kaltura | 1 Kaltura Server | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, the "admin_console/web/tools/bigRedButton.php" URL, and the "admin_console/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6392 | 1 Kaltura | 1 Kaltura Server | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6393 | 1 Nagvis | 1 Nagvis | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6395 | 1 Hashover Project | 1 Hashover | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-10216 | 1 Sivann | 1 It Items Database | 2017-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-10215 | 1 Fastspot | 1 Bigtree-form-builder | 2017-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-5932 | 1 Ibm | 1 Connections | 2017-03-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294. | |||||
| CVE-2015-8831 | 1 Dotclear | 1 Dotclear | 2017-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | |||||
| CVE-2016-3018 | 1 Ibm | 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web | 2017-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2015-8862 | 1 Mustache.js Project | 1 Mustache.js | 2017-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | |||||
| CVE-2015-8856 | 1 Nodejs | 1 Node.js | 2017-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. | |||||
| CVE-2017-5961 | 1 Ionizecms | 1 Ionize | 2017-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-5960 | 1 Phalconeye Project | 1 Phalconeye | 2017-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-5990 | 1 Phreesoft | 1 Phreebookserp | 2017-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php" and "PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge "stable release" (aka R37RC1). | |||||
| CVE-2017-5945 | 1 Poodll | 1 Moodle-filter Poodll | 2017-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-9259 | 1 Tenable | 1 Nessus | 2017-03-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
