Vulnerabilities (CVE)

Filtered by CWE-79
Total 26205 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5075 1 Advanced Real Estate Script Project 1 Advanced Real Estate Script 2023-12-10 3.5 LOW 4.8 MEDIUM
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.
CVE-2017-2187 1 3cx 1 Live Chat 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-10798 1 Objectplanet 1 Opinio 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
In ObjectPlanet Opinio before 7.6.4, there is XSS.
CVE-2017-8758 1 Microsoft 1 Exchange Server 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."
CVE-2017-15573 2 Debian, Redmine 2 Debian Linux, Redmine 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
CVE-2015-7879 1 Stickynote Project 1 Stickynote 2023-12-10 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page.
CVE-2017-14321 1 Mirasvit 1 Helpdesk Mx 2023-12-10 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket.
CVE-2017-1482 1 Ibm 1 Sterling B2b Integrator 2023-12-10 3.5 LOW 5.4 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620.
CVE-2017-1421 1 Ibm 1 Inotes 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-16841 1 Lansweeper 1 Lansweeper 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
CVE-2017-7384 1 Flipbuilder 1 Flip Pdf 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter.
CVE-2016-8748 1 Apache 1 Nifi 2023-12-10 3.5 LOW 5.4 MEDIUM
In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.
CVE-2017-14621 1 Suse 1 Portus 2023-12-10 3.5 LOW 5.4 MEDIUM
Portus 2.2.0 has XSS via the Team field, related to typeahead.
CVE-2017-2216 1 Wpdownloadmanager 1 Wordpress Download Manager 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-10886 1 Cs-cart 2 Cs-cart, Cs-cart Multivendor 2023-12-10 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-2967 1 Ibm 1 Sametime 2023-12-10 3.5 LOW 5.4 MEDIUM
IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848.
CVE-2017-9249 1 Allen Disk Project 1 Allen Disk 2023-12-10 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php.
CVE-2016-9747 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Engineering Lifecycle Manager 2023-12-10 3.5 LOW 5.4 MEDIUM
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-15947 1 Aspsource 1 Simple Asc Content Management System 2023-12-10 3.5 LOW 5.4 MEDIUM
Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp.
CVE-2016-10516 1 Palletsprojects 1 Werkzeug 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.