Total: 26560 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5594 | 1 Zenphoto | 1 Zenphoto | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) attack via a crafted string. | |||||
CVE-2017-12356 | 1 Cisco | 1 Jabber | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf50378, CSCvg56018. | |||||
CVE-2017-11198 | 1 Finecms Project | 1 Finecms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter. | |||||
CVE-2015-3976 | 1 Ge | 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. | |||||
CVE-2017-1098 | 1 Ibm | 1 Emptoris Supplier Lifecycle Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658. | |||||
CVE-2017-16681 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. | |||||
CVE-2018-5364 | 1 Wpglobus | 1 Wpglobus | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php. | |||||
CVE-2017-1324 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975. | |||||
CVE-2011-4955 | 1 Bsuite Project | 1 Bsuite | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php. | |||||
CVE-2017-1632 | 1 Ibm | 1 Sterling File Gateway | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178. | |||||
CVE-2018-5367 | 1 Wpglobus | 1 Wpglobus | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php. | |||||
CVE-2017-9298 | 1 Hitachi | 1 Device Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | |||||
CVE-2016-1000220 | 1 Elastic | 1 Kibana | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. | |||||
CVE-2017-15811 | 1 Pootlepress | 1 Pootle Button | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php. | |||||
CVE-2015-9247 | 1 Skyboxsecurity | 1 Skybox Platform | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html. | |||||
CVE-2017-1359 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126686. | |||||
CVE-2018-5653 | 1 Weblizar | 1 Pinterest-feeds | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter. | |||||
CVE-2017-16567 | 1 Logitech | 1 Media Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite." | |||||
CVE-2017-1623 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121. | |||||
CVE-2018-5692 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. |