Total
29034 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3833 | 1 Cisco | 1 Unified Communications Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). | |||||
| CVE-2017-5608 | 1 Piwigo | 1 Piwigo | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename. | |||||
| CVE-2016-4056 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark. | |||||
| CVE-2016-4880 | 1 Basercms | 1 Basercms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7386 | 1 Symetrie Project | 1 Symetrie | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). | |||||
| CVE-2016-6933 | 1 Adobe | 2 Experience Manager, Livecycle | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. | |||||
| CVE-2016-5682 | 1 Smartbear | 1 Swagger-ui | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | |||||
| CVE-2016-3057 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2710 | 1 Oliver Project | 1 Oliver | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php). | |||||
| CVE-2015-8684 | 1 Exponentcms | 1 Exponent Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality. | |||||
| CVE-2017-7298 | 1 Moodle | 1 Moodle | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | |||||
| CVE-2017-2644 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Moodle 3.x, XSS can occur via evidence of prior learning. | |||||
| CVE-2017-6908 | 1 Concrete5 | 1 Concrete5 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-3031 | 1 Ibm | 1 Cognos Analytics | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887. | |||||
| CVE-2017-7309 | 1 Mantisbt | 1 Mantisbt | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3. | |||||
| CVE-2017-7320 | 1 Modx | 1 Modx Revolution | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value. | |||||
| CVE-2017-5488 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin. | |||||
| CVE-2017-7359 | 1 Lucidcrew | 1 Pixie | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | |||||
| CVE-2017-5875 | 1 Dotcms | 1 Dotcms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | |||||
| CVE-2016-1214 | 1 Cybozu | 1 Garoon | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | |||||