Total: 29007 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10112 | 1 Woocommerce | 1 Woocommerce | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format. | |||||
CVE-2017-2118 | 1 Wbce | 1 Wbce Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-0770 | 1 Zahmit Design | 1 Connections Business Directory Plugin | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable. | |||||
CVE-2015-2883 | 1 Philips | 1 In.sight B120/37 | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | |||||
CVE-2017-2393 | 1 Apple | 1 Iphone Os | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site. | |||||
CVE-2016-6032 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2016-9405 | 1 Mybb | 2 Merge System, Mybb | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-0891 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | |||||
CVE-2017-7362 | 1 Lucidcrew | 1 Pixie | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | |||||
CVE-2017-7247 | 1 Gazelle Project | 1 Gazelle | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazelle-master/sections/tools/managers/multiple_freeleech.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2017-7984 | 1 Joomla | 1 Joomla! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. | |||||
CVE-2017-7390 | 1 Socialnetwork Project | 1 Socialnetwork | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2016-7280 | 1 Microsoft | 1 Edge | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206. | |||||
CVE-2017-2122 | 1 Tenable | 1 Nessus | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-9466 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability. | |||||
CVE-2016-5881 | 1 Ibm | 1 Inotes | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2017-2148 | 1 Iodata | 2 Wn-ac1167gr, Wn-ac1167gr Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-6864 | 1 Siemens | 1 Ruggedcom Rox I | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. | |||||
CVE-2017-6538 | 1 Webpagetest Project | 1 Webpagetest | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (video) passed to the webpagetest-master/www/speedindex/index.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2016-5055 | 1 Osram | 1 Lightify Pro | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. |