Total: 29048 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15878 | 1 Keystonejs | 1 Keystone | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. | |||||
CVE-2014-4925 | 2 Good, Google | 2 Good For Enterprise, Android | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40. | |||||
CVE-2017-12156 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | |||||
CVE-2018-5688 | 1 Ilias | 1 Ilias | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component. | |||||
CVE-2017-12200 | 1 Etoilewebdesign | 1 Ultimate Product Catalog | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. | |||||
CVE-2018-5331 | 1 Discuz | 1 Discuzx | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | |||||
CVE-2017-14413 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | |||||
CVE-2017-1000240 | 1 Open-emr | 1 Openemr | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. | |||||
CVE-2017-9337 | 1 Markdown On Save Improved Project | 1 Markdown On Save Improved | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post. | |||||
CVE-2017-1498 | 1 Ibm | 1 Connections | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020. | |||||
CVE-2015-4072 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message. | |||||
CVE-2015-4687 | 1 Ellucian | 1 Banner Student | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-12777 | 1 Nexusphp Project | 1 Nexusphp | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php. | |||||
CVE-2017-2335 | 1 Juniper | 1 Screenos | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
CVE-2017-1485 | 1 Ibm | 1 Cognos Analytics | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623. | |||||
CVE-2016-9986 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552. | |||||
CVE-2017-14352 | 1 Hp | 1 Ucmdb Configuration Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. | |||||
CVE-2017-5247 | 1 Biscom | 1 Secure File Transfer | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will be evaluated by any other authenticated user who views the attacker-supplied file name. All versions of SFT prior to 5.1.1028 are affected. The fix version is 5.1.1028. | |||||
CVE-2017-17775 | 1 Piwigo | 1 Piwigo | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. | |||||
CVE-2017-14620 | 1 Smartertools | 1 Smarterstats | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
SmarterStats Version 11.3.6347 will render the Referer field of HTTP logfiles from URL /Data/Reports/ReferringURLsWithQueries, resulting in stored cross-site scripting. |