Total: 29077 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2216 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-1189 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558. | |||||
CVE-2017-12680 | 1 Nexusphp Project | 1 Nexusphp | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. | |||||
CVE-2018-5212 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. | |||||
CVE-2016-7509 | 1 Glpi-project | 1 Glpi | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. | |||||
CVE-2017-12358 | 1 Cisco | 1 Jabber | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088. | |||||
CVE-2017-17059 | 1 Amtythumb Project | 1 Amtythumb | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. | |||||
CVE-2015-7316 | 1 Plone | 1 Plone | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. | |||||
CVE-2017-12879 | 1 Paessler | 1 Prtg Network Monitor | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2017-1553 | 1 Ibm | 1 Infosphere Biginsights | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397. | |||||
CVE-2017-11629 | 1 Finecms | 1 Finecms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request. | |||||
CVE-2015-4699 | 1 Cloud4wi | 1 Splash Portal | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI. | |||||
CVE-2017-13778 | 1 Fiyo | 1 Fiyo Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | |||||
CVE-2017-11685 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. | |||||
CVE-2017-17089 | 1 Webmin | 1 Webmin | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | |||||
CVE-2017-9394 | 1 Ca | 1 Identity Governance | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | |||||
CVE-2017-16810 | 1 Octopus | 1 Octopus Deploy | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter. | |||||
CVE-2017-1000491 | 1 Shiba Project | 1 Shiba | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. | |||||
CVE-2017-15811 | 1 Pootlepress | 1 Pootle Button | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php. | |||||
CVE-2017-11744 | 1 Modx | 1 Modx Revolution | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module. |