Total
26562 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2145 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2017-14363 | 1 Microfocus | 1 Operations Manager I | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | |||||
CVE-2017-8016 | 1 Emc | 1 Archer Grc Platform | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
CVE-2018-5078 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. | |||||
CVE-2017-6661 | 1 Cisco | 2 Content Security Management Appliance, Email Security Appliance | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. | |||||
CVE-2017-14093 | 1 Trendmicro | 1 Scanmail | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. | |||||
CVE-2017-14313 | 1 Shibboleth Project | 1 Shibboleth | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg(). | |||||
CVE-2017-1345 | 1 Ibm | 1 Insights Foundation For Energy | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460. | |||||
CVE-2017-1199 | 1 Ibm | 1 Infosphere Master Data Management Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674. | |||||
CVE-2017-6733 | 1 Cisco | 1 Identity Services Engine | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151). | |||||
CVE-2017-17868 | 1 Liferay | 1 Liferay Portal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | |||||
CVE-2017-16723 | 1 Phoenixcontact | 26 Fl Com Server Rs232, Fl Com Server Rs232 Firmware, Fl Com Server Rs485 and 23 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution. | |||||
CVE-2017-1000492 | 1 Leanote | 1 Desktop | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration | |||||
CVE-2017-1164 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036. | |||||
CVE-2017-7276 | 1 Topdesk | 1 Topdesk | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019. | |||||
CVE-2017-8024 | 1 Emc | 1 Isilon Onefs | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2017-12738 | 1 Siemens | 2 Sm-2556, Sm-2556 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link. | |||||
CVE-2017-4967 | 3 Debian, Pivotal Software, Vmware | 3 Debian Linux, Rabbitmq, Rabbitmq | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. | |||||
CVE-2017-14597 | 1 Afterlogic | 2 Aurora, Webmail | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. | |||||
CVE-2017-16765 | 1 Dlink | 2 Dwr-933, Dwr-933 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. |