Total: 26205 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5075 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter. | |||||
CVE-2017-2187 | 1 3cx | 1 Live Chat | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-10798 | 1 Objectplanet | 1 Opinio | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In ObjectPlanet Opinio before 7.6.4, there is XSS. | |||||
CVE-2017-8758 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability." | |||||
CVE-2017-15573 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. | |||||
CVE-2015-7879 | 1 Stickynote Project | 1 Stickynote | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. | |||||
CVE-2017-14321 | 1 Mirasvit | 1 Helpdesk Mx | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket. | |||||
CVE-2017-1482 | 1 Ibm | 1 Sterling B2b Integrator | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620. | |||||
CVE-2017-1421 | 1 Ibm | 1 Inotes | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2017-16841 | 1 Lansweeper | 1 Lansweeper | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. | |||||
CVE-2017-7384 | 1 Flipbuilder | 1 Flip Pdf | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter. | |||||
CVE-2016-8748 | 1 Apache | 1 Nifi | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM. | |||||
CVE-2017-14621 | 1 Suse | 1 Portus | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Portus 2.2.0 has XSS via the Team field, related to typeahead. | |||||
CVE-2017-2216 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-10886 | 1 Cs-cart | 2 Cs-cart, Cs-cart Multivendor | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-2967 | 1 Ibm | 1 Sametime | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848. | |||||
CVE-2017-9249 | 1 Allen Disk Project | 1 Allen Disk | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php. | |||||
CVE-2016-9747 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Engineering Lifecycle Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2017-15947 | 1 Aspsource | 1 Simple Asc Content Management System | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp. | |||||
CVE-2016-10516 | 1 Palletsprojects | 1 Werkzeug | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message. | |||||