Total
26521 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9332 | 1 Pivotx | 1 Pivotx | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | |||||
CVE-2016-10508 | 1 Phpthumb Project | 1 Phpthumb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. | |||||
CVE-2018-5072 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. | |||||
CVE-2017-17431 | 1 Genixcms | 1 Genixcms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765. | |||||
CVE-2016-0781 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions. | |||||
CVE-2017-15934 | 1 Artica | 1 Pandora Fms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. | |||||
CVE-2017-9419 | 1 Webhammer | 1 Wp-custom-fields-search | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | |||||
CVE-2016-10404 | 1 Liferay | 1 Liferay Portal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. | |||||
CVE-2017-15214 | 1 Flyspray | 1 Flyspray | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | |||||
CVE-2017-17929 | 1 Ordermanagementscript | 1 Professional Service Script | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. | |||||
CVE-2016-6810 | 1 Apache | 1 Activemq | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. | |||||
CVE-2016-7823 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2023-12-10 | 2.3 LOW | 4.3 MEDIUM |
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-17094 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | |||||
CVE-2017-9331 | 1 Epesi | 1 Epesi | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter. | |||||
CVE-2017-8569 | 1 Microsoft | 1 Sharepoint Server | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability". | |||||
CVE-2017-11296 | 1 Adobe | 1 Experience Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | |||||
CVE-2017-14751 | 1 Intensewp | 1 Wp Jobs | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | |||||
CVE-2017-15948 | 1 Edgeofmyseat | 1 Perch | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account. | |||||
CVE-2017-1305 | 1 Ibm | 1 Rational Doors Next Generation | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459. | |||||
CVE-2015-7474 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501. |