Total
26831 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2336 | 1 Juniper | 1 Screenos | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
CVE-2017-16768 | 1 Synology | 1 Mailplus Server | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | |||||
CVE-2017-14241 | 1 Dolibarr | 1 Dolibarr | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | |||||
CVE-2017-1000459 | 1 Leanote | 1 Leanote | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes | |||||
CVE-2017-17059 | 1 Amtythumb Project | 1 Amtythumb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. | |||||
CVE-2017-17745 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. | |||||
CVE-2014-8758 | 1 Tech-banker | 1 Gallery Bank | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. | |||||
CVE-2015-1177 | 1 Exponentcms | 1 Exponent Cms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. | |||||
CVE-2012-6682 | 1 Dragonbyte-tech | 1 Vbdownloads Module | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter. | |||||
CVE-2017-9655 | 1 Osisoft | 3 Pi Integrator For Business Analystics, Pi Integrator For Microsoft Azure, Pi Integrator For Sap Hana | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. | |||||
CVE-2017-9332 | 1 Pivotx | 1 Pivotx | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | |||||
CVE-2016-10508 | 1 Phpthumb Project | 1 Phpthumb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. | |||||
CVE-2018-5072 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. | |||||
CVE-2017-17431 | 1 Genixcms | 1 Genixcms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765. | |||||
CVE-2016-0781 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions. | |||||
CVE-2017-15934 | 1 Artica | 1 Pandora Fms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. | |||||
CVE-2017-9419 | 1 Webhammer | 1 Wp-custom-fields-search | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | |||||
CVE-2016-10404 | 1 Liferay | 1 Liferay Portal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. | |||||
CVE-2017-15214 | 1 Flyspray | 1 Flyspray | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | |||||
CVE-2017-17929 | 1 Ordermanagementscript | 1 Professional Service Script | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. |