Total
29038 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3421 | 1 Eshop Project | 1 Eshop | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. | |||||
CVE-2017-1503 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. | |||||
CVE-2016-6019 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739. | |||||
CVE-2014-7240 | 1 Formget | 1 Easy Contact Form Solution | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. | |||||
CVE-2017-9507 | 1 Atlassian | 2 Crucible, Fisheye | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter. | |||||
CVE-2016-6810 | 1 Apache | 1 Activemq | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. | |||||
CVE-2017-17893 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. | |||||
CVE-2015-3162 | 1 Beaker-project | 1 Beaker | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job. | |||||
CVE-2017-11198 | 1 Finecms Project | 1 Finecms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter. | |||||
CVE-2017-1000492 | 1 Leanote | 1 Desktop | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration | |||||
CVE-2017-7666 | 1 Apache | 1 Openmeetings | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | |||||
CVE-2016-10508 | 1 Phpthumb Project | 1 Phpthumb | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. | |||||
CVE-2017-5085 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark. | |||||
CVE-2017-9306 | 1 Syspass | 1 Syspass | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. | |||||
CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | |||||
CVE-2016-10699 | 1 Dlink | 2 Dsl-2740e, Dsl-2740e Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs. | |||||
CVE-2017-12630 | 1 Apache | 1 Drill | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards. | |||||
CVE-2017-17093 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. | |||||
CVE-2017-14716 | 1 Telaxius | 1 Epesi | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | |||||
CVE-2017-15278 | 1 Teampass | 1 Teampass | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |