Total
29077 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5479 | 1 Foxsash | 1 Imghosting | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed. | |||||
| CVE-2017-14762 | 1 Genixcms | 1 Genixcms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter. | |||||
| CVE-2017-15051 | 1 Teampass | 1 Teampass | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS'ed. | |||||
| CVE-2017-12269 | 1 Cisco | 1 Spark | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacker to retrieve sensitive information from the user. Cisco Bug IDs: CSCvf70587, CSCvf70592. | |||||
| CVE-2017-1278 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756. | |||||
| CVE-2017-1098 | 1 Ibm | 1 Emptoris Supplier Lifecycle Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658. | |||||
| CVE-2017-13754 | 1 Wibu | 1 Codemeter | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html. | |||||
| CVE-2015-7349 | 1 Vasco | 1 Digipass | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter. | |||||
| CVE-2015-4721 | 1 Concretecms | 1 Concrete Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. | |||||
| CVE-2017-12856 | 1 C.p.sub Project | 1 C.p.sub | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php. | |||||
| CVE-2014-0141 | 1 Redhat | 1 Satellite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | |||||
| CVE-2015-7980 | 1 Compass Rose Project | 1 Compass Rose | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable." | |||||
| CVE-2017-1000213 | 1 Wbce | 1 Wbce Cms | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | |||||
| CVE-2017-10975 | 1 Lutim Project | 1 Lutim | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename. | |||||
| CVE-2017-15312 | 1 Huawei | 1 Smartcare | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device. | |||||
| CVE-2017-7352 | 1 Purestorage | 1 Purity | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen. | |||||
| CVE-2017-12343 | 1 Cisco | 1 Data Center Network Manager | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. | |||||
| CVE-2017-1000442 | 1 Passbolt | 1 Passbolt Api | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace | |||||
| CVE-2017-8745 | 1 Microsoft | 1 Sharepoint Foundation | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability". | |||||
| CVE-2017-1688 | 1 Ibm | 1 Rational Doors Next Generation | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134063. | |||||