Total
29034 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000011 | 1 Mywebsql | 1 Mywebsql | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information | |||||
| CVE-2017-15948 | 1 Edgeofmyseat | 1 Perch | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account. | |||||
| CVE-2018-5690 | 1 Dotclear | 1 Dotclear | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number). | |||||
| CVE-2017-1500 | 1 Ibm | 2 Mobilefirst Platform Foundation, Worklight | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response and the value will be reflected in the body of the HTTP response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session. | |||||
| CVE-2017-13819 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents. | |||||
| CVE-2017-3165 | 1 Apache | 1 Brooklyn | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability. | |||||
| CVE-2017-12813 | 1 Stivasoft | 1 Phpjabbers File Sharing Script | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | |||||
| CVE-2017-12645 | 1 Liferay | 1 Liferay Portal | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. | |||||
| CVE-2015-5594 | 1 Zenphoto | 1 Zenphoto | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string. | |||||
| CVE-2017-1502 | 1 Ibm | 1 Content Navigator | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577. | |||||
| CVE-2017-12366 | 1 Cisco | 1 Webex Meeting Center | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635,, CSCvg52440. | |||||
| CVE-2016-0781 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions. | |||||
| CVE-2017-1678 | 1 Ibm | 1 Rational Doors Next Generation | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134000. | |||||
| CVE-2017-12591 | 1 Asus | 2 Dsl-n10s, Dsl-n10s Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | |||||
| CVE-2017-1209 | 1 Ibm | 1 Daeja Viewone | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123849. | |||||
| CVE-2017-1689 | 1 Ibm | 1 Rational Doors Next Generation | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134064. | |||||
| CVE-2017-1000429 | 1 Finecms Project | 1 Finecms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php. | |||||
| CVE-2013-6465 | 1 Redhat | 1 Jbpm | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | |||||
| CVE-2017-3127 | 1 Fortinet | 1 Fortios | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | |||||
| CVE-2017-12356 | 1 Cisco | 1 Jabber | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf50378, CSCvg56018. | |||||