Total
29277 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1761 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136005. | |||||
| CVE-2018-12462 | 1 Netiq | 1 Imanager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. | |||||
| CVE-2018-0339 | 1 Cisco | 1 Identity Services Engine Software | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309. | |||||
| CVE-2018-10164 | 1 Tp-link | 1 Eap Controller | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-0199 | 1 Cisco | 1 Jabber | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989. | |||||
| CVE-2018-6868 | 1 Groupon Clone Script Project | 1 Groupon Clone Script | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. | |||||
| CVE-2018-12903 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | |||||
| CVE-2018-1136 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users. | |||||
| CVE-2018-6655 | 1 Doctor Search Script Project | 1 Doctor Search Script | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. | |||||
| CVE-2018-11583 | 1 Seacms | 1 Seacms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. | |||||
| CVE-2018-10298 | 1 Discuz | 1 Discuzx | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. | |||||
| CVE-2018-10076 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard). | |||||
| CVE-2018-5965 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | |||||
| CVE-2018-1396 | 1 Ibm | 1 Rational Quality Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138429. | |||||
| CVE-2018-6469 | 1 Flickrrss Project | 1 Flickrrss | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php. | |||||
| CVE-2015-7458 | 1 Ibm | 1 Connections | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354. | |||||
| CVE-2017-1000509 | 1 Dolibarr | 1 Dolibarr | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. | |||||
| CVE-2018-7722 | 1 Piwigo | 1 Piwigo | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible. | |||||
| CVE-2017-18176 | 1 Progress | 1 Sitefinity | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1. | |||||
| CVE-2015-6544 | 1 Combodo | 1 Itop | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. | |||||