Total: 26574 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16880 | 1 Whoops Project | 1 Whoops | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS. | |||||
CVE-2018-0799 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability". | |||||
CVE-2017-17907 | 1 Car Rental Script Project | 1 Car Rental Script | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. | |||||
CVE-2017-7736 | 1 Fortinet | 1 Fortiweb | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A stored Cross-site Scripting (XSS) vulnerability in the Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier allows attackers to inject arbitrary web script or HTML via a specially crafted malicious certificate import. | |||||
CVE-2017-15687 | 1 Logitech | 1 Media Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. | |||||
CVE-2017-1000063 | 1 Kitto Project | 1 Kitto | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page, resulting in information disclosure. | |||||
CVE-2017-15648 | 1 Phpsugar | 1 Php Melody | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. | |||||
CVE-2017-7739 | 1 Fortinet | 1 Fortios | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. | |||||
CVE-2017-17096 | 1 Content Cards Project | 1 Content Cards | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. | |||||
CVE-2017-7422 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default. | |||||
CVE-2017-15374 | 1 Shopware | 1 Shopware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low privileged user accounts against higher privileged (admin or moderator) accounts. | |||||
CVE-2017-15941 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-12798 | 1 Nexusphp Project | 1 Nexusphp | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php. | |||||
CVE-2016-0336 | 1 Ibm | 1 Security Identity Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737. | |||||
CVE-2017-14651 | 1 Wso2 | 17 Api Manager, App Manager, Application Server and 14 more | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | |||||
CVE-2017-14134 | 1 Maplesoft | 1 Maple T.a. | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688. | |||||
CVE-2017-9452 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2018-5366 | 1 Wpglobus | 1 Wpglobus | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php. | |||||
CVE-2017-13778 | 1 Fiyo | 1 Fiyo Cms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | |||||
CVE-2017-11481 | 1 Elastic | 1 Kibana | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. |