Total
29035 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5249 | 1 Shaarli Project | 1 Shaarli | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). | |||||
| CVE-2018-5665 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter. | |||||
| CVE-2017-12221 | 1 Cisco | 1 Firepower Management Center | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the affected system. Cisco Bug IDs: CSCvc38983. | |||||
| CVE-2017-1000063 | 1 Kitto Project | 1 Kitto | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | |||||
| CVE-2017-9332 | 1 Pivotx | 1 Pivotx | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | |||||
| CVE-2017-16815 | 1 Snapcreek | 1 Duplicator | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly. | |||||
| CVE-2017-10967 | 1 Finecms Project | 1 Finecms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters. | |||||
| CVE-2012-6668 | 1 Dragonbyte-tech | 1 Vbshout Module | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php. | |||||
| CVE-2018-5071 | 1 Cobham | 2 Sea Tel 116, Sea Tel 116 Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP. | |||||
| CVE-2017-6789 | 1 Cisco | 1 Unified Intelligence Center | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325. | |||||
| CVE-2015-8354 | 1 Ultimatemember | 1 Ultimate Member | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. | |||||
| CVE-2009-1198 | 1 Apache | 1 Juddi | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp. | |||||
| CVE-2017-9313 | 1 Webmin | 1 Webmin | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840. | |||||
| CVE-2017-1593 | 1 Ibm | 1 Rational Doors Next Generation | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494. | |||||
| CVE-2017-9609 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | |||||
| CVE-2017-16836 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | |||||
| CVE-2017-1521 | 1 Ibm | 1 Bigfix Platform | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831. | |||||
| CVE-2017-15812 | 1 Easy Appointments Project | 1 Easy Appointments | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel. | |||||
| CVE-2017-17938 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | |||||
| CVE-2017-17714 | 1 Boxug | 1 Trape | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | |||||