Vulnerabilities (CVE)

Filtered by CWE-79
Total 26203 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2017-16567 | 1 Logitech | 1 Media Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite."
CVE-2017-1623 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121.
CVE-2018-5692 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
CVE-2018-5655 | 1 Weblizar | 1 Pinterest-feeds | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.
CVE-2018-5663 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter.
CVE-2017-14588 | 1 Atlassian | 2 Crucible, Fisheye | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter.
CVE-2017-14985 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.
CVE-2017-16878 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration.
CVE-2017-16819 | 1 Icontime | 2 Rtc-1000, Rtc-1000 Firmware | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.
CVE-2017-16564 | 1 Grandstream | 2 Ht802, Ht802 Firmware | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).
CVE-2017-17826 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it.
CVE-2017-7316 | 1 Humaxdigital | 2 Hg100r, Hg100r Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page.
CVE-2015-7666 | 1 Codepeople | 1 Payment Form For Paypal Pro | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.
CVE-2017-17991 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.
CVE-2017-14973 | 1 Identicard | 1 Two-reader Controller Configuration Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM
IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page).
CVE-2016-7509 | 1 Glpi-project | 1 Glpi | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.
CVE-2017-12292 | 1 Cisco | 1 Email Encryption | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.
CVE-2017-9361 | 1 Websitebaker | 1 Websitebaker | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
CVE-2017-14036 | 1 Crushftp | 1 Crushftp | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.
CVE-2017-1363 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856.