Total
26574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9451 | 1 Flatcore | 1 Flatcore | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | |||||
CVE-2012-5636 | 1 Apache | 1 Wicket | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response. | |||||
CVE-2018-5076 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter. | |||||
CVE-2017-17832 | 1 Serverscheck | 1 Monitoring Software | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). | |||||
CVE-2017-1169 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188. | |||||
CVE-2017-1650 | 1 Ibm | 1 Rational Doors Next Generation | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133260. | |||||
CVE-2017-1208 | 1 Ibm | 1 Maximo Asset Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778. | |||||
CVE-2017-17911 | 1 Archon | 1 Archon | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. | |||||
CVE-2014-7240 | 1 Formget | 1 Easy Contact Form Solution | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. | |||||
CVE-2017-16843 | 1 Vonage | 2 Vdv-23, Vdv-23 Firmware | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. | |||||
CVE-2017-11651 | 1 Nexusphp | 1 Nexusphp | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. | |||||
CVE-2018-5666 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter. | |||||
CVE-2016-2973 | 1 Ibm | 1 Sametime | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899. | |||||
CVE-2017-17714 | 1 Boxug | 1 Trape | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | |||||
CVE-2017-1321 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. | |||||
CVE-2017-3102 | 1 Adobe | 1 Connect | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack. | |||||
CVE-2018-5280 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. | |||||
CVE-2017-11289 | 1 Adobe | 1 Connect | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||||
CVE-2012-4378 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php. | |||||
CVE-2017-17989 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. |