Total
37215 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1553 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397. | |||||
| CVE-2017-11629 | 1 Finecms | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request. | |||||
| CVE-2015-4699 | 1 Cloud4wi | 1 Splash Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI. | |||||
| CVE-2017-5612 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. | |||||
| CVE-2017-7255 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. | |||||
| CVE-2017-13778 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | |||||
| CVE-2017-11685 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. | |||||
| CVE-2017-17089 | 1 Webmin | 1 Webmin | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | |||||
| CVE-2017-6503 | 1 Qbittorrent | 1 Qbittorrent | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | |||||
| CVE-2017-2134 | 1 Uchida | 1 Assetbase | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-9394 | 1 Ca | 1 Identity Governance | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | |||||
| CVE-2017-16810 | 1 Octopus | 1 Octopus Deploy | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter. | |||||
| CVE-2017-15811 | 1 Pootlepress | 1 Pootle Button | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php. | |||||
| CVE-2016-5364 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. | |||||
| CVE-2017-11744 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module. | |||||
| CVE-2015-3257 | 1 Zend | 1 Diactoros | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. | |||||
| CVE-2014-9557 | 1 Smartwebsites | 1 Smartcms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2. | |||||
| CVE-2017-15911 | 1 Igniterealtime | 1 Openfire | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. | |||||
| CVE-2017-12583 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. | |||||
| CVE-2014-6189 | 1 Ibm | 8 Security Network Protection 3100, Security Network Protection 3100 Firmware, Security Network Protection 4100 and 5 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||