Total
29077 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15717 | 1 Apache | 2 Sling Xss Protection Api, Sling Xss Protection Api Compat | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0. | |||||
| CVE-2017-12948 | 1 Pressforward | 1 Pressforward | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. | |||||
| CVE-2016-9834 | 1 Sophos | 2 Cyberoam, Cyberoam Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp. | |||||
| CVE-2018-5280 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. | |||||
| CVE-2015-7672 | 1 Centreon | 1 Centreon | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). | |||||
| CVE-2017-5532 | 1 Tibco | 5 Jasperreports Library, Jasperreports Server, Jaspersoft and 2 more | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below. | |||||
| CVE-2016-7817 | 1 Simple Keitai Chat Project | 1 Simple Keitai Chat | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-18010 | 1 E-goi | 1 Smart Marketing Sms And Newsletters Forms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter. | |||||
| CVE-2017-10701 | 1 Sap | 1 Enterprise Portal | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | |||||
| CVE-2017-1303 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457. | |||||
| CVE-2017-1104 | 1 Ibm | 1 Rational Quality Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666. | |||||
| CVE-2018-5651 | 1 Dark Mode Project | 1 Dark Mode | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter. | |||||
| CVE-2017-2338 | 1 Juniper | 1 Screenos | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
| CVE-2017-15305 | 1 Nexusphp Project | 1 Nexusphp | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. | |||||
| CVE-2016-8952 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839. | |||||
| CVE-2017-14724 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | |||||
| CVE-2012-5636 | 1 Apache | 1 Wicket | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response. | |||||
| CVE-2017-11179 | 1 Finecms Project | 1 Finecms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. | |||||
| CVE-2017-1447 | 1 Ibm | 1 Emptoris Sourcing | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172. | |||||
| CVE-2017-3150 | 1 Apache | 1 Atlas | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. | |||||