Total: 26700 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9356 | 1 Sitecore | 1 Sitecore.net | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI. | |||||
CVE-2017-6788 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40). | |||||
CVE-2017-12323 | 1 Cisco | 1 Registered Envelope Service | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | |||||
CVE-2017-1503 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning and cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. | |||||
CVE-2017-7335 | 1 Fortinet | 1 Fortiwlc | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. | |||||
CVE-2015-6521 | 1 Atutor | 1 Atutor | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | |||||
CVE-2017-11107 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. | |||||
CVE-2017-7421 | 1 Microfocus | 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. | |||||
CVE-2018-5687 | 1 Newsbee Project | 1 Newsbee | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php. | |||||
CVE-2015-3296 | 1 Nodebb | 1 Nodebb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | |||||
CVE-2017-6675 | 1 Cisco | 1 Industrial Network Director | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). | |||||
CVE-2017-12357 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346. | |||||
CVE-2017-16884 | 1 Mistserver | 1 Mistserver | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. | |||||
CVE-2016-10256 | 1 Broadcom | 1 Symantec Proxysg | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. | |||||
CVE-2017-13138 | 1 Qodeinteractive | 1 Bridge | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. | |||||
CVE-2016-5394 | 1 Apache | 1 Sling | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | |||||
CVE-2017-13724 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. | |||||
CVE-2017-1431 | 1 Ibm | 1 Infosphere Streams | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127632. | |||||
CVE-2017-15867 | 1 User-login-history Project | 1 User-login-history | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php. | |||||
CVE-2017-6717 | 1 Cisco | 1 Firepower Management Center | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. |