Total
29035 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7554 | 1 Redhat | 1 Mobile Application Platform | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio. | |||||
| CVE-2017-12572 | 1 Splunk | 1 Splunk | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104. | |||||
| CVE-2017-1000088 | 1 Jenkins | 1 Sidebar Link | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links. | |||||
| CVE-2017-7733 | 1 Fortinet | 1 Fortios | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter. | |||||
| CVE-2017-6702 | 1 Cisco | 1 Socialminer | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1). | |||||
| CVE-2017-12348 | 1 Cisco | 1 Unified Computing System Central Software | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. | |||||
| CVE-2016-9701 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529. | |||||
| CVE-2016-3113 | 1 Redhat | 1 Ovirt-engine | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2017-6749 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204. | |||||
| CVE-2018-5216 | 1 Radiantcms | 1 Radiant Cms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. | |||||
| CVE-2017-1554 | 1 Ibm | 1 Infosphere Biginsights | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398. | |||||
| CVE-2017-12292 | 1 Cisco | 1 Email Encryption | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | |||||
| CVE-2017-11107 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. | |||||
| CVE-2015-5057 | 1 Broken Link Checker Project | 1 Broken Link Checker | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | |||||
| CVE-2018-5311 | 1 Tonjoostudio | 1 Easy Custom Auto Excerpt | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI. | |||||
| CVE-2017-1331 | 1 Ibm | 1 Content Navigator | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126233. | |||||
| CVE-2017-15273 | 1 Mahara | 1 Mahara | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts. | |||||
| CVE-2017-15888 | 1 Synology | 1 Audio Station | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. | |||||
| CVE-2017-11355 | 1 Pega | 1 Pega Platform | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page. | |||||
| CVE-2017-17868 | 1 Liferay | 1 Liferay Portal | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | |||||