Total: 29035 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16768 | 1 Synology | 1 Mailplus Server | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | |||||
CVE-2017-17986 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | |||||
CVE-2017-5003 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | |||||
CVE-2017-14379 | 1 Emc | 1 Rsa Authentication Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2012-4567 | 1 Letodms Project | 1 Letodms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php. | |||||
CVE-2017-10798 | 1 Objectplanet | 1 Opinio | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In ObjectPlanet Opinio before 7.6.4, there is XSS. | |||||
CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | |||||
CVE-2017-16758 | 1 Ultimate Instagram Feed Project | 1 Ultimate Instagram Feed | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter. | |||||
CVE-2017-13138 | 1 Qodeinteractive | 1 Bridge | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. | |||||
CVE-2017-18012 | 1 Z-url Preview Project | 1 Z-url Preview | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter. | |||||
CVE-2018-5365 | 1 Wpglobus | 1 Wpglobus | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php. | |||||
CVE-2017-1000138 | 1 Mahara | 1 Mahara | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross-site scripting when dragging/dropping files into a collection if the file has JavaScript code in its title. | |||||
CVE-2017-13671 | 1 Misp | 1 Misp | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. | |||||
CVE-2017-12298 | 1 Cisco | 1 Webex Meeting Center | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78615, CSCvf78628. | |||||
CVE-2017-11460 | 1 Sap | 1 Netweaver Portal | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535. | |||||
CVE-2017-14371 | 1 Rsa | 1 Archer Grc Platform | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
CVE-2017-12068 | 1 Event List Project | 1 Event List | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action. | |||||
CVE-2017-10838 | 1 Seopanel | 1 Seo Panel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-9816 | 1 Paessler | 1 Prtg Network Monitor | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-5286 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | |||||