Total: 29036 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6705 | 1 Jamroom | 1 Jamroom | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. | |||||
CVE-2017-16819 | 1 Icontime | 2 Rtc-1000, Rtc-1000 Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges. | |||||
CVE-2017-11651 | 1 Nexusphp | 1 Nexusphp | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. | |||||
CVE-2017-1348 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524. | |||||
CVE-2017-9366 | 1 Epesi | 1 Epesi | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter. | |||||
CVE-2017-1530 | 1 Ibm | 1 Business Process Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409. | |||||
CVE-2017-11611 | 1 Wolfcms | 1 Wolf Cms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI). | |||||
CVE-2016-2973 | 1 Ibm | 1 Sametime | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899. | |||||
CVE-2017-14241 | 1 Dolibarr | 1 Dolibarr | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | |||||
CVE-2017-1247 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627. | |||||
CVE-2017-15892 | 1 Synology | 1 Chat | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | |||||
CVE-2017-15612 | 1 Mistune Project | 1 Mistune | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | |||||
CVE-2017-1533 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675. | |||||
CVE-2017-15384 | 1 Phpjabbers | 1 Rate Me | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. | |||||
CVE-2017-15214 | 1 Flyspray | 1 Flyspray | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | |||||
CVE-2017-10673 | 1 Get-simple | 1 Getsimple Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | |||||
CVE-2015-5181 | 1 Redhat | 1 Jboss A-mq | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | |||||
CVE-2017-11479 | 2 Elastic, Elasticsearch | 2 Kibana, Kibana | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
CVE-2017-1000005 | 1 Phpminiadmin Project | 1 Phpminiadmin | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). | |||||
CVE-2015-3161 | 1 Beaker-project | 1 Beaker | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. |