Total: 26564 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17938 | 1 Single Theater Booking Script Project | 1 Single Theater Booking Script | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | |||||
CVE-2017-1327 | 1 Ibm | 1 Inotes | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062. | |||||
CVE-2017-12221 | 1 Cisco | 1 Firepower Management Center | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the affected system. Cisco Bug IDs: CSCvc38983. | |||||
CVE-2017-7665 | 1 Apache | 1 Nifi | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. | |||||
CVE-2017-17752 | 1 Codecrafters | 1 Ability Mail Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4. | |||||
CVE-2017-1000491 | 1 Shiba Project | 1 Shiba | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. | |||||
CVE-2017-1372 | 1 Ibm | 1 Tririga Application Platform | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865. | |||||
CVE-2017-6725 | 1 Cisco | 1 Prime Infrastructure | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 CSCuw65837. Known Affected Releases: 2.2(2). | |||||
CVE-2015-3299 | 1 Floating Social Bar Project | 1 Floating Social Bar | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order. | |||||
CVE-2017-15375 | 1 Wpjobboard | 1 Wpjobboard | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need a privileged user account to perform a successful exploitation. | |||||
CVE-2017-11288 | 1 Adobe | 1 Connect | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||||
CVE-2017-1278 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756. | |||||
CVE-2017-14765 | 1 Genixcms | 1 Genixcms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request. | |||||
CVE-2015-3169 | 1 Askbot | 1 Askbot | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. | |||||
CVE-2015-6959 | 1 Vindula | 1 Vindula | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Vindula 1.9. | |||||
CVE-2017-15278 | 1 Teampass | 1 Teampass | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2017-1554 | 1 Ibm | 1 Infosphere Biginsights | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398. | |||||
CVE-2015-0101 | 1 Ibm | 1 Business Process Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5. | |||||
CVE-2017-11439 | 1 Sitecore | 1 Cms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. | |||||
CVE-2017-16721 | 1 Geovap | 1 Reliance-scada | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code. |