Total: 29037 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1334 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242. | |||||
CVE-2010-3659 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms. | |||||
CVE-2017-11516 | 1 Yiiframework | 1 Yii | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. | |||||
CVE-2018-5367 | 1 Wpglobus | 1 Wpglobus | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php. | |||||
CVE-2017-1000033 | 1 Vospari Forms Project | 1 Vospari Forms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress plugin Vospari Forms version < 1.4 is vulnerable to reflected cross-site scripting in the form submission, resulting in JavaScript code execution in the context of the current user. | |||||
CVE-2014-3531 | 1 Theforeman | 1 Foreman | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description. | |||||
CVE-2017-14383 | 1 Dell | 4 Emc Vnx1, Emc Vnx1 Firmware, Emc Vnx2 and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application. | |||||
CVE-2017-12131 | 1 Goldplugins | 1 Easy Testimonials | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens. | |||||
CVE-2017-7316 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. | |||||
CVE-2017-17991 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | |||||
CVE-2017-1494 | 1 Ibm | 1 Business Process Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692. | |||||
CVE-2017-11201 | 1 Finecms Project | 1 Finecms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action. | |||||
CVE-2017-16956 | 1 Symphony Project | 1 Symphony | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. | |||||
CVE-2015-3169 | 1 Askbot | 1 Askbot | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. | |||||
CVE-2017-1591 | 1 Ibm | 1 Datapower Gateway | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368. | |||||
CVE-2018-5263 | 1 Stackideas | 1 Easydiscuss | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS. | |||||
CVE-2017-18023 | 1 Officetracker | 1 Officetracker | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI. | |||||
CVE-2017-1000462 | 1 Bookstackapp | 1 Bookstack | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
BookStack version 0.18.4 is vulnerable to stored cross-site scripting within the page creation page, which can result in disruption of service and execution of JavaScript code. | |||||
CVE-2017-1000149 | 1 Mahara | 1 Mahara | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Mahara 1.10 before 1.10.9, 15.04 before 15.04.6, and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()). | |||||
CVE-2017-17744 | 1 Webdesi9 | 1 Custom Map | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php. |