Total: 29034 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16908 | 1 Horde | 1 Groupware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. | |||||
CVE-2017-1168 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187. | |||||
CVE-2017-1000426 | 1 Omniscale | 1 Mapproxy | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure. | |||||
CVE-2017-16904 | 1 Lvyecms Project | 1 Lvyecms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator. | |||||
CVE-2017-7736 | 1 Fortinet | 1 Fortiweb | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via a specially crafted malicious certificate import. | |||||
CVE-2017-14714 | 1 Telaxius | 1 Epesi | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | |||||
CVE-2017-2285 | 1 Silkypress | 1 Simple Custom Css And Js | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-11507 | 1 Check Mk Project | 1 Check Mk | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page. | |||||
CVE-2017-1324 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975. | |||||
CVE-2017-8041 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute an XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. | |||||
CVE-2017-16564 | 1 Grandstream | 2 Ht802, Ht802 Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | |||||
CVE-2017-14756 | 1 Opentext | 1 Document Sciences Xpression | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id). | |||||
CVE-2015-3299 | 1 Floating Social Bar Project | 1 Floating Social Bar | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order. | |||||
CVE-2017-16230 | 1 Typecho | 1 Typecho | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit. | |||||
CVE-2017-14921 | 1 Tine20 | 1 Tine 2.0 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
CVE-2017-17569 | 1 Scubez | 1 Posty Readymade Classifieds | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. | |||||
CVE-2017-6761 | 1 Cisco | 1 Finesse | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd96744. | |||||
CVE-2017-15863 | 1 Wp No External Links Project | 1 Wp No External Links | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. | |||||
CVE-2017-1106 | 1 Ibm | 1 Curam Social Program Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744. | |||||
CVE-2017-1429 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127587. | |||||