Total
26831 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3296 | 1 Nodebb | 1 Nodebb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | |||||
CVE-2017-6675 | 1 Cisco | 1 Industrial Network Director | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). | |||||
CVE-2017-12357 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346. | |||||
CVE-2017-16884 | 1 Mistserver | 1 Mistserver | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. | |||||
CVE-2016-10256 | 1 Broadcom | 1 Symantec Proxysg | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. | |||||
CVE-2017-13138 | 1 Qodeinteractive | 1 Bridge | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. | |||||
CVE-2016-5394 | 1 Apache | 1 Sling | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | |||||
CVE-2017-13724 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. | |||||
CVE-2017-1431 | 1 Ibm | 1 Infosphere Streams | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127632. | |||||
CVE-2017-15867 | 1 User-login-history Project | 1 User-login-history | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php. | |||||
CVE-2017-6717 | 1 Cisco | 1 Firepower Management Center | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. | |||||
CVE-2017-12139 | 1 Xoops | 1 Xoops | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. | |||||
CVE-2017-14534 | 1 Nexusphp Project | 1 Nexusphp | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. | |||||
CVE-2017-12304 | 1 Cisco | 1 Ios | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the web-based management interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf60862. | |||||
CVE-2017-14726 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | |||||
CVE-2017-1189 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558. | |||||
CVE-2017-1000042 | 1 Mapbox Project | 1 Mapbox | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. | |||||
CVE-2017-14923 | 1 Tine20 | 1 Tine 2.0 | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
CVE-2017-1000443 | 1 Openhacker Project | 1 Openhacker | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser. | |||||
CVE-2017-1209 | 1 Ibm | 1 Daeja Viewone | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123849. |