Total: 29034 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9085 | 1 Kodak | 1 Insite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp. | |||||
CVE-2017-1683 | 1 Ibm | 1 Connections Engagement Center | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005. | |||||
CVE-2017-9668 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | |||||
CVE-2017-1169 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188. | |||||
CVE-2017-15219 | 1 Dotcms | 1 Dotcms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | |||||
CVE-2017-1000023 | 1 Logicaldoc | 1 Logicaldoc | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. | |||||
CVE-2017-16843 | 1 Vonage | 2 Vdv-23, Vdv-23 Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. | |||||
CVE-2012-4378 | 1 Mediawiki | 1 Mediawiki | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php. | |||||
CVE-2017-1431 | 1 Ibm | 1 Infosphere Streams | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127632. | |||||
CVE-2017-7998 | 1 Gespage | 1 Gespage | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp. | |||||
CVE-2017-12257 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608. | |||||
CVE-2017-11195 | 1 Pulsesecure | 1 Pulse Connect Secure | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this. | |||||
CVE-2017-10676 | 2 D-link, Dlink | 2 Dir-600m Firmware, Dir-600m | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | |||||
CVE-2017-1000038 | 1 Relevanssi | 1 Relevanssi | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS, resulting in an attacker being able to execute JavaScript on the affected site. | |||||
CVE-2017-1327 | 1 Ibm | 1 Inotes | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062. | |||||
CVE-2017-17043 | 1 Zitec | 1 Emag Marketplace Connector | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. | |||||
CVE-2017-14414 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | |||||
CVE-2017-8440 | 1 Elastic | 1 Kibana | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
CVE-2015-7878 | 1 Taxonomy Find Project | 1 Taxonomy Find | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. | |||||
CVE-2017-14973 | 1 Identicard | 1 Two-reader Controller Configuration Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). |