Total: 29035 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-15809 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. |
CVE-2017-2194 | 1 Ipa | 1 Icodechecker | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
CVE-2017-17940 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM | PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. |
CVE-2017-1535 | 1 Ibm | 1 Cognos Analytics | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677. |
CVE-2017-1445 | 1 Ibm | 1 Emptoris Spend Analysis | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170. |
CVE-2018-5376 | 1 Discuz | 1 Discuzx | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. |
CVE-2017-14134 | 1 Maplesoft | 1 Maple T.a. | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688. |
CVE-2017-17096 | 1 Content Cards Project | 1 Content Cards | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. |
CVE-2018-5284 | 1 Wpscoop | 1 Imageinject | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM | The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. |
CVE-2017-9243 | 1 Aries Networks | 2 Qwr-1104 Wireless-n Router, Qwr-1104 Wireless-n Router Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. |
CVE-2017-3153 | 1 Apache | 1 Atlas | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. |
CVE-2014-9469 | 1 Vbulletin | 1 Vbulletin | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. |
CVE-2017-17955 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. |
CVE-2017-1000058 | 1 Chevereto | 1 Chevereto | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. |
CVE-2017-11775 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820. |
CVE-2018-5074 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM | Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. |
CVE-2017-16802 | 1 Misp-project | 1 Misp | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. |
CVE-2017-11820 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777. |
CVE-2016-2975 | 1 Ibm | 1 Sametime | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935. |
CVE-2017-15287 | 1 Bouqueteditor Project | 1 Bouqueteditor | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. |