Total
29053 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14712 | 1 Telaxius | 1 Epesi | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | |||||
| CVE-2017-16881 | 1 Symphony Project | 1 Symphony | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java. | |||||
| CVE-2017-14923 | 1 Tine20 | 1 Tine 2.0 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
| CVE-2017-9523 | 1 Sophos | 1 Web Appliance | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | |||||
| CVE-2017-17953 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | |||||
| CVE-2017-10962 | 1 Project-redcap | 1 Redcap | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| REDCap before 7.5.1 has XSS via the query string. | |||||
| CVE-2017-16567 | 1 Logitech | 1 Media Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite." | |||||
| CVE-2018-5687 | 1 Newsbee Project | 1 Newsbee | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php. | |||||
| CVE-2017-1249 | 1 Ibm | 1 Rhapsody Design Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2014-9310 | 1 Wordpress Backup To Dropbox Project | 1 Wordpress Backup To Dropbox | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. | |||||
| CVE-2017-11481 | 1 Elastic | 1 Kibana | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
| CVE-2017-12648 | 1 Liferay | 1 Liferay Portal | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. | |||||
| CVE-2017-14142 | 1 Kaltura | 1 Kaltura Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php. | |||||
| CVE-2012-6682 | 1 Dragonbyte-tech | 1 Vbdownloads Module | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter. | |||||
| CVE-2017-1000466 | 1 Invoiceninja | 1 Invoice Ninja | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2011-4955 | 1 Bsuite Project | 1 Bsuite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php. | |||||
| CVE-2017-7734 | 1 Fortinet | 1 Fortios | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. | |||||
| CVE-2017-17989 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | |||||
| CVE-2017-2336 | 1 Juniper | 1 Screenos | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
| CVE-2017-18006 | 1 Extensis | 1 Portfolio Netpublish | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. | |||||