Total: 29035 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12792 | 1 Nexusphp Project | 1 Nexusphp | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php. | |||||
CVE-2017-16782 | 1 Home-assistant | 1 Home-assistant | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. | |||||
CVE-2017-2284 | 1 Code-atlantic | 1 Popup Maker | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-6053 | 1 Trihedral | 1 Vtscada | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting issue was discovered in Trihedral VTScada versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser. | |||||
CVE-2017-12158 | 2 Keycloak, Redhat | 3 Keycloak, Enterprise Linux Server, Single Sign On | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server. | |||||
CVE-2017-1000431 | 1 Ez | 1 Ez Publish | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials. | |||||
CVE-2017-1001001 | 1 Pluxml | 1 Pluxml | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
PluXml version 5.6 is vulnerable to a stored cross-site scripting vulnerability within the article creation page, which can result in escalation of privileges. | |||||
CVE-2017-1208 | 1 Ibm | 1 Maximo Asset Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778. | |||||
CVE-2017-15574 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. | |||||
CVE-2014-9677 | 1 Flowpaper | 1 Flexpaper | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter. | |||||
CVE-2017-8016 | 1 Emc | 1 Archer Grc Platform | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
CVE-2017-10886 | 1 Cs-cart | 2 Cs-cart, Cs-cart Multivendor | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-8950 | 1 Ibm | 1 Emptoris Sourcing | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837. | |||||
CVE-2014-5144 | 1 Telescopeapp | 1 Telescope | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown. | |||||
CVE-2017-15736 | 1 Spip | 1 Spip | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php. | |||||
CVE-2017-6675 | 1 Cisco | 1 Industrial Network Director | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). | |||||
CVE-2017-15648 | 1 Phpsugar | 1 Php Melody | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. | |||||
CVE-2017-12294 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf85562. | |||||
CVE-2017-1623 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121. | |||||
CVE-2017-15279 | 1 Umbraco | 1 Umbraco Cms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs. |