Total: 26633 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1000466 | 1 Invoiceninja | 1 Invoice Ninja | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting within the invoice creation page, which can result in disruption of service and execution of JavaScript code. | |||||
CVE-2017-14755 | 1 Opentext | 1 Document Sciences Xpression | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId. | |||||
CVE-2017-9467 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-12272 | 1 Cisco | 1 Ios Xe | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvb09516. | |||||
CVE-2018-5316 | 1 Patsatech | 1 Sagepay Server Gateway For Woocommerce | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. | |||||
CVE-2017-1000051 | 1 Xwiki | 1 Cryptpad | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content. | |||||
CVE-2017-15878 | 1 Keystonejs | 1 Keystone | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. | |||||
CVE-2016-10704 | 1 Magento | 1 Magento | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | |||||
CVE-2017-1000239 | 1 Invoiceplane | 1 Invoiceplane | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
InvoicePlane version 1.4.10 is vulnerable to stored cross-site scripting, allowing an authenticated user to inject malicious client-side script that will be executed in the browser of users if they visit the manipulated site. | |||||
CVE-2017-15728 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. | |||||
CVE-2017-15538 | 1 Ilias | 1 Ilias | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php. | |||||
CVE-2017-1531 | 1 Ibm | 1 Business Process Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410. | |||||
CVE-2017-12572 | 1 Splunk | 1 Splunk | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104. | |||||
CVE-2014-6071 | 1 Jquery | 1 Jquery | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. | |||||
CVE-2017-17737 | 1 Brightsign | 2 4k242, 4k242 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. | |||||
CVE-2018-5249 | 1 Shaarli Project | 1 Shaarli | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). | |||||
CVE-2017-9299 | 1 Otrs | 1 Otrs | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected. | |||||
CVE-2017-14049 | 1 Blackcat-cms | 1 Blackcat Cms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. | |||||
CVE-2018-5311 | 1 Tonjoostudio | 1 Easy Custom Auto Excerpt | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI. | |||||
CVE-2017-1101 | 1 Ibm | 1 Rational Quality Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662. |