Total
29021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1566 | 1 Apache | 1 Guacamole | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed. | |||||
| CVE-2016-6031 | 1 Ibm | 1 Rational Quality Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. | |||||
| CVE-2016-4892 | 1 Setucocms Project | 1 Setucocms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4888 | 1 Zohocorp | 1 Servicedesk Plus | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-9459 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed. | |||||
| CVE-2016-7884 | 1 Adobe | 1 Experience Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks. | |||||
| CVE-2016-9997 | 1 Spip | 1 Spip | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. | |||||
| CVE-2016-0919 | 1 Rsa | 1 Web Threat Detection | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-6395 | 1 Hashover Project | 1 Hashover | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-9409 | 1 Mybb | 2 Merge System, Mybb | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs. | |||||
| CVE-2017-2578 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Moodle 3.x, there is XSS in the assignment submission page. | |||||
| CVE-2014-9772 | 1 Nodejs | 1 Node.js | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. | |||||
| CVE-2016-9407 | 1 Mybb | 2 Merge System, Mybb | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs. | |||||
| CVE-2017-8792 | 1 Accellion | 1 File Transfer Appliance | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. | |||||
| CVE-2017-9140 | 1 Progress | 2 Sitefinity Cms, Telerik Reporting | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. | |||||
| CVE-2016-6285 | 1 Atlassian | 1 Jira | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | |||||
| CVE-2016-5897 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2016-0217 | 1 Ibm | 1 Cognos Analytics | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2017-5006 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2017-7288 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||