Total
29035 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15188 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. | |||||
| CVE-2014-6191 | 1 Ibm | 1 Curam Social Program Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568. | |||||
| CVE-2017-11458 | 1 Sap | 1 Netweaver Application Server Java | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. | |||||
| CVE-2016-10257 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. | |||||
| CVE-2018-5668 | 1 Read And Understood Project | 1 Read And Understood | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter. | |||||
| CVE-2016-0336 | 1 Ibm | 1 Security Identity Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737. | |||||
| CVE-2016-5394 | 1 Apache | 1 Sling | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | |||||
| CVE-2017-11194 | 1 Pulsesecure | 1 Pulse Connect Secure | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc. | |||||
| CVE-2017-9509 | 1 Atlassian | 2 Crucible, Fisheye | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. | |||||
| CVE-2017-12927 | 1 Cacti | 1 Cacti | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | |||||
| CVE-2017-1465 | 1 Ibm | 1 Tririga Application Platform | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464. | |||||
| CVE-2017-11163 | 1 Cacti | 1 Cacti | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. | |||||
| CVE-2017-15008 | 1 Paessler | 1 Prtg Network Monitor | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element. | |||||
| CVE-2017-17057 | 1 Zkteco | 1 Zktime Web | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browser in the context of the vulnerable application. | |||||
| CVE-2015-2145 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2016-2979 | 1 Ibm | 1 Sametime | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945. | |||||
| CVE-2017-1427 | 1 Ibm | 1 Cognos Analytics | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579. | |||||
| CVE-2017-12811 | 1 Stivasoft | 1 Phpjabbers Star Rating Script | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | |||||
| CVE-2017-18014 | 1 Sophos | 2 Sfos, Xg Firewall | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request. | |||||
| CVE-2017-9674 | 1 Simplece | 1 Simplece | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. | |||||