Total: 26562 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9655 | 1 Osisoft | 3 Pi Integrator For Business Analystics, Pi Integrator For Microsoft Azure, Pi Integrator For Sap Hana | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. | |||||
CVE-2017-9332 | 1 Pivotx | 1 Pivotx | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | |||||
CVE-2016-10508 | 1 Phpthumb Project | 1 Phpthumb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. | |||||
CVE-2018-5072 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. | |||||
CVE-2017-17431 | 1 Genixcms | 1 Genixcms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765. | |||||
CVE-2016-0781 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious JavaScript content in either the OAuth scopes (SCIM groups) or SCIM group descriptions. | |||||
CVE-2017-15934 | 1 Artica | 1 Pandora Fms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. | |||||
CVE-2017-9419 | 1 Webhammer | 1 Wp-custom-fields-search | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | |||||
CVE-2016-10404 | 1 Liferay | 1 Liferay Portal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. | |||||
CVE-2017-15214 | 1 Flyspray | 1 Flyspray | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | |||||
CVE-2017-17929 | 1 Ordermanagementscript | 1 Professional Service Script | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. | |||||
CVE-2016-6810 | 1 Apache | 1 Activemq | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. | |||||
CVE-2016-7823 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2023-12-10 | 2.3 LOW | 4.3 MEDIUM |
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-17094 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | |||||
CVE-2017-9331 | 1 Epesi | 1 Epesi | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter. | |||||
CVE-2017-8569 | 1 Microsoft | 1 Sharepoint Server | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability". | |||||
CVE-2017-11296 | 1 Adobe | 1 Experience Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | |||||
CVE-2017-14751 | 1 Intensewp | 1 Wp Jobs | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | |||||
CVE-2017-15948 | 1 Edgeofmyseat | 1 Perch | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account. | |||||
CVE-2017-1305 | 1 Ibm | 1 Rational Doors Next Generation | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459. |