Total
29022 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7271 | 1 Yii Software | 1 Yii | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. | |||||
| CVE-2017-2361 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. | |||||
| CVE-2016-5642 | 1 Opmantek | 1 Network Management Information System | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Opmantek NMIS before 8.5.12G has XSS via SNMP. | |||||
| CVE-2016-5075 | 1 Cloudviewnms | 1 Cloudview Nms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| CloudView NMS before 2.10a has XSS via a TELNET login. | |||||
| CVE-2016-5760 | 1 Novell | 1 Groupwise | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. | |||||
| CVE-2017-5191 | 1 Netiq | 1 Access Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | |||||
| CVE-2017-6818 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. | |||||
| CVE-2016-7206 | 1 Microsoft | 1 Edge | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280. | |||||
| CVE-2017-6906 | 1 Siberiancms | 1 Siberiancms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SiberianCMS before 4.10.0. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "SiberianCMS-master/errors/500.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-5179 | 1 Tenable | 1 Nessus | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-9454 | 1 Revive-adserver | 1 Revive Adserver | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages. | |||||
| CVE-2016-6037 | 1 Ibm | 2 Rational Quality Manager, Rational Team Concert | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918. | |||||
| CVE-2016-6519 | 2 Openstack, Redhat | 2 Manila, Openstack | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. | |||||
| CVE-2017-7205 | 1 Gamepanelx | 1 Gamepanelx-v3 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data (a) passed to the "GamePanelX-V3-master/ajax/ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-9063 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | |||||
| CVE-2016-7882 | 1 Adobe | 1 Experience Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. | |||||
| CVE-2016-5882 | 1 Ibm | 2 Domino, Inotes | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-7136 | 1 Plone | 1 Plone | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. | |||||
| CVE-2015-3998 | 2 Clickfraud-monitoring, Phpwhois Project | 2 Adsense-click-fraud-monitoring, Phpwhois | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php. | |||||
| CVE-2017-3890 | 1 Blackberry | 2 Appliance-x, Workspaces Vapp | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link. | |||||