Total: 29057 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-12677 | 1 Identityserver | 1 Identityserver3 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response. |
CVE-2017-16876 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. |
CVE-2017-8569 | 1 Microsoft | 1 Sharepoint Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH | Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability". |
CVE-2017-11202 | 1 Finecms Project | 1 Finecms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180. |
CVE-2017-12349 | 1 Cisco | 1 Unified Computing System Central Software | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. |
CVE-2017-14715 | 1 Telaxius | 1 Epesi | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. |
CVE-2017-16789 | 2 Integrationmatters, Tibco | 2 Njams, Businessworks Process Monitor | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM | Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface. |
CVE-2017-16765 | 1 Dlink | 2 Dwr-933, Dwr-933 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. |
CVE-2017-1380 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151. |
CVE-2017-1002017 | 1 Bobcares | 1 Gift-certificate-creator | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Vulnerability in WordPress plugin gift-certificate-creator v1.0. The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. |
CVE-2016-6812 | 1 Apache | 1 Cxf | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If unexpected matrix parameters have been injected into the request URL, these matrix parameters will find their way back to the client in the services list page, which represents an XSS risk to the client. |
CVE-2017-11441 | 1 Cpanel | 1 Whm | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. |
CVE-2018-5667 | 1 Read And Understood Project | 1 Read And Understood | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter. |
CVE-2017-7296 | 1 Contiki-os | 1 Contiki | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Contiki Operating System 3.0. A persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection. |
CVE-2017-8044 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. |
CVE-2017-9555 | 1 Synology | 1 Photo Station | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. |
CVE-2017-17947 | 1 Pulsesecure | 1 Pulse Connect Secure | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM | A cross-site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal. |
CVE-2017-9613 | 1 Sap | 1 Successfactors | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | Stored cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. |
CVE-2015-5613 | 1 Octobercms | 1 October | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. |
CVE-2017-4940 | 1 Vmware | 1 Esxi | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting JavaScript, which might get executed when other users access the Host Client. |