Total
29035 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8808 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | |||||
| CVE-2017-7732 | 1 Fortinet | 1 Fortimail | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests. | |||||
| CVE-2017-16821 | 1 B3log | 1 Symphony | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid. | |||||
| CVE-2017-5004 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | |||||
| CVE-2017-15284 | 1 Octobercms | 1 October | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account. | |||||
| CVE-2016-6114 | 1 Ibm | 1 Emptoris Sourcing | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352. | |||||
| CVE-2017-18032 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. | |||||
| CVE-2017-15009 | 1 Paessler | 1 Prtg Network Monitor | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. | |||||
| CVE-2017-18004 | 1 Zurmo | 1 Zurmo Crm | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | |||||
| CVE-2017-15375 | 1 Wpjobboard | 1 Wpjobboard | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need a privileged user account to perform a successful exploitation. | |||||
| CVE-2018-0011 | 1 Juniper | 1 Junos Space | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device. | |||||
| CVE-2017-1000223 | 1 Modx | 1 Modx Revolution | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS. | |||||
| CVE-2017-9931 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi. | |||||
| CVE-2014-0208 | 1 Theforeman | 1 Foreman | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name. | |||||
| CVE-2017-14751 | 1 Intensewp | 1 Wp Jobs | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | |||||
| CVE-2017-10795 | 1 Intelliants | 1 Subrion | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. | |||||
| CVE-2017-1000051 | 1 Xwiki | 1 Cryptpad | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content | |||||
| CVE-2017-17954 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | |||||
| CVE-2017-17869 | 1 Mgl-instagram-gallery Project | 1 Mgl-instagram-gallery | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. | |||||
| CVE-2017-16842 | 1 Yoast | 1 Wordpress Seo | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML. | |||||