Total
29034 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13986 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | |||||
| CVE-2017-7422 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default. | |||||
| CVE-2017-9621 | 1 Epesi | 1 Epesi | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter. | |||||
| CVE-2017-1632 | 1 Ibm | 1 Sterling File Gateway | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178. | |||||
| CVE-2017-9836 | 1 Piwigo | 1 Piwigo | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album). | |||||
| CVE-2017-15362 | 1 Osticket | 1 Osticket | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176. | |||||
| CVE-2017-17948 | 1 Cells | 1 Blog | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. | |||||
| CVE-2017-1256 | 1 Ibm | 1 Security Guardium | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678 | |||||
| CVE-2017-15573 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. | |||||
| CVE-2017-8559 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560. | |||||
| CVE-2017-1365 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858. | |||||
| CVE-2017-12346 | 1 Cisco | 1 Data Center Network Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. | |||||
| CVE-2017-15570 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. | |||||
| CVE-2017-14268 | 1 Ee | 2 4gee Wifi Mbb, 4gee Wifi Mbb Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. | |||||
| CVE-2017-1113 | 1 Ibm | 1 Rational Team Concert | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121151. | |||||
| CVE-2017-12061 | 1 Mantisbt | 1 Mantisbt | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP. | |||||
| CVE-2017-1000188 | 1 Ejs | 1 Ejs | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection | |||||
| CVE-2017-10991 | 1 Wp-statistics | 1 Wp Statistics | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. | |||||
| CVE-2016-9987 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553. | |||||
| CVE-2017-2256 | 1 Cybozu | 1 Garoon | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". | |||||