Total
29080 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1275 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750. | |||||
CVE-2018-7302 | 1 Tiki | 1 Tiki | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS. | |||||
CVE-2018-5754 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard. | |||||
CVE-2018-11473 | 1 Monstra | 1 Monstra | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Monstra CMS 3.0.4 has XSS in the registration form (i.e., the login parameter to users/registration). | |||||
CVE-2018-1000078 | 2 Debian, Rubygems | 2 Debian Linux, Rubygems | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable when the victim browses to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. | |||||
CVE-2018-0921 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
CVE-2017-1000392 | 1 Jenkins | 1 Jenkins | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
In Jenkins 2.88 and earlier, and 2.73.2 and earlier, autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters. | |||||
CVE-2018-7678 | 1 Netiq | 1 Access Manager | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
A cross site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. | |||||
CVE-2018-7747 | 1 Calderalabs | 1 Caldera Forms | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form. | |||||
CVE-2018-5963 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | |||||
CVE-2018-0923 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947. | |||||
CVE-2018-1014 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034. | |||||
CVE-2017-8953 | 1 Hp | 2 Loadrunner, Performance Center | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found. | |||||
CVE-2017-2610 | 1 Jenkins | 1 Jenkins | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Jenkins before versions 2.44 and 2.32.2 is vulnerable to persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388). | |||||
CVE-2017-18090 | 1 Atlassian | 1 Fisheye | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author. | |||||
CVE-2018-1000202 | 1 Jenkins | 1 Groovy Postbuild | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
CVE-2018-6958 | 1 Vmware | 1 Vrealize Automation | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. | |||||
CVE-2018-11628 | 1 Emssoftware | 1 Ems Master Calendar | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS. | |||||
CVE-2018-7681 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Micro Focus Solutions Business Manager versions prior to 11.4 allow JavaScript to be embedded in URLs placed in the "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system. | |||||
CVE-2018-11568 | 1 Cactusthemes | 1 Gameplan-event And Gym Fitness | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have &lt; and &gt; representations. |