Total: 29021 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9909 | 1 Html5lib | 1 Html5lib | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values. | |||||
CVE-2017-7222 | 1 Mantisbt | 1 Mantisbt | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php). | |||||
CVE-2017-8384 | 1 Craftcms | 1 Craft Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. | |||||
CVE-2016-5207 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. | |||||
CVE-2016-2986 | 1 Ibm | 5 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 2 more | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-8892 | 1 Opentext | 1 Tempo Box | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | |||||
CVE-2016-6847 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
CVE-2017-6490 | 1 Epesi | 1 Epesi | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2016-6283 | 1 Atlassian | 1 Confluence | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. | |||||
CVE-2017-3829 | 1 Cisco | 1 Unified Communications Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6). | |||||
CVE-2016-6054 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2017-5157 | 2 Schneider-electric, Schneider Electric | 2 Homelynk Controller Lss100100, Homelynk Controller Lss100100 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. | |||||
CVE-2017-4978 | 1 Rsa | 1 Adaptive Authentication (on Premise) | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2017-6029 | 1 Certec Edv Gmbh | 1 Atvise Scada | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. | |||||
CVE-2016-0218 | 1 Ibm | 1 Cognos Business Intelligence | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
CVE-2016-10203 | 1 Zoneminder | 1 Zoneminder | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. | |||||
CVE-2016-6055 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515. | |||||
CVE-2016-5932 | 1 Ibm | 1 Connections | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294. | |||||
CVE-2015-8831 | 1 Dotclear | 1 Dotclear | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | |||||
CVE-2016-9000 | 1 Ibm | 2 Infosphere Datastage, Infosphere Information Server On Cloud | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. | |||||