Total: 26633 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14498 | 1 Silverstripe | 1 Silverstripe | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | |||||
CVE-2017-17043 | 1 Zitec | 1 Emag Marketplace Connector | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. | |||||
CVE-2017-6765 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve19179. | |||||
CVE-2017-17981 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | |||||
CVE-2017-11611 | 1 Wolfcms | 1 Wolf Cms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI). | |||||
CVE-2015-1588 | 1 Open-xchange | 2 Open-xchange Appsuite, Open-xchange Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. | |||||
CVE-2017-18004 | 1 Zurmo | 1 Zurmo Crm | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | |||||
CVE-2017-4930 | 1 Vmware | 1 Airwatch | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL. | |||||
CVE-2017-11594 | 1 Loomio | 1 Loomio | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment. | |||||
CVE-2017-15287 | 1 Bouqueteditor Project | 1 Bouqueteditor | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | |||||
CVE-2016-9732 | 1 Ibm | 1 Curam Social Program Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761. | |||||
CVE-2018-5715 | 1 Sugarcrm | 1 Sugarcrm | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). | |||||
CVE-2016-3113 | 1 Redhat | 1 Ovirt-engine | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2017-0378 | 1 Phamm | 1 Phamm | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. | |||||
CVE-2017-15305 | 1 Nexusphp Project | 1 Nexusphp | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. | |||||
CVE-2017-9244 | 1 Trello | 1 Trello | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card. | |||||
CVE-2017-1494 | 1 Ibm | 1 Business Process Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692. | |||||
CVE-2017-5004 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | |||||
CVE-2017-14197 | 1 Squiz | 1 Matrix | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins. | |||||
CVE-2017-11458 | 1 Sap | 1 Netweaver Application Server Java | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. | |||||