Total: 29035 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17896 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Readymade Job Site Script has XSS via the keyword parameter to the /job URI. | |||||
CVE-2017-8551 | 1 Microsoft | 1 Project Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". | |||||
CVE-2016-6021 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755. | |||||
CVE-2017-12413 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml. | |||||
CVE-2017-11612 | 1 Joomla | 1 Joomla! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. | |||||
CVE-2017-12220 | 1 Cisco | 1 Firepower Management Center | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc50771. | |||||
CVE-2017-12980 | 1 Dokuwiki | 1 Dokuwiki | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. | |||||
CVE-2015-5282 | 1 Theforeman | 1 Foreman | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. | |||||
CVE-2017-1000146 | 1 Mahara | 1 Mahara | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of JavaScript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages. | |||||
CVE-2017-6715 | 1 Cisco | 1 Firepower Management Center | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6. | |||||
CVE-2017-11686 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. | |||||
CVE-2017-14313 | 1 Shibboleth Project | 1 Shibboleth | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg(). | |||||
CVE-2015-9104 | 1 Synology | 1 Audio Station | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allow remote authenticated attackers to inject arbitrary web script or HTML via the album title. | |||||
CVE-2017-16568 | 1 Logitech | 1 Media Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. | |||||
CVE-2018-5363 | 1 Wpglobus | 1 Wpglobus | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php. | |||||
CVE-2017-14588 | 1 Atlassian | 2 Crucible, Fisheye | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. | |||||
CVE-2017-17837 | 1 Apache | 1 Deltaspike | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection leak in the windowId handling. The default size of the windowId gets cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1. | |||||
CVE-2018-5652 | 1 Dark Mode Project | 1 Dark Mode | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter. | |||||
CVE-2017-3103 | 1 Adobe | 1 Connect | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack. | |||||
CVE-2017-1000032 | 1 Cacti | 1 Cacti | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. |