Total: 29053 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17719 | 1 Olyos | 1 Wp-concours | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php. | |||||
CVE-2017-1000239 | 1 Invoiceplane | 1 Invoiceplane | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
InvoicePlane version 1.4.10 is vulnerable to stored cross-site scripting, allowing an authenticated user to inject malicious client-side script which will be executed in the browser of users if they visit the manipulated site. | |||||
CVE-2017-14415 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | |||||
CVE-2017-1000065 | 1 Openmediavault | 1 Openmediavault | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management (Users) functionality allow attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser. | |||||
CVE-2016-10515 | 1 Redmine | 1 Redmine | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. | |||||
CVE-2017-12810 | 1 Stivasoft | 1 Phpjabbers Newsletter Script | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | |||||
CVE-2017-1000132 | 1 Mahara | 1 Mahara | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to maliciously created .swf files that can have their code executed when a user tries to download the file. | |||||
CVE-2018-5362 | 1 Wpglobus | 1 Wpglobus | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php. | |||||
CVE-2016-10704 | 1 Magento | 1 Magento | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | |||||
CVE-2017-14506 | 1 Geminabox Project | 1 Geminabox | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | |||||
CVE-2017-14372 | 1 Rsa | 1 Archer Grc Platform | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
CVE-2015-1864 | 1 Kallithea-scm | 1 Kallithea | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description. | |||||
CVE-2017-17780 | 1 Mediaburst | 8 Booking Calendar Sms, Clockwork Sms Notfications, Contact Form 7 Sms and 5 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5. | |||||
CVE-2017-13724 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. | |||||
CVE-2018-5078 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. | |||||
CVE-2017-11594 | 1 Loomio | 1 Loomio | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment. | |||||
CVE-2017-3933 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack. | |||||
CVE-2016-9715 | 1 Ibm | 1 Infosphere Master Data Management Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728. | |||||
CVE-2016-10516 | 1 Palletsprojects | 1 Werkzeug | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message. | |||||
CVE-2016-8975 | 1 Ibm | 1 Rhapsody Design Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912. |