Total: 26831 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-3103 | 1 Adobe | 1 Connect | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack. | |||||
CVE-2017-17383 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 3.5 LOW | 4.7 MEDIUM |
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. | |||||
CVE-2017-8642 | 1 Microsoft | 2 Edge, Windows 10 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503. | |||||
CVE-2016-9986 | 1 Ibm | 1 Jazz Reporting Service | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552. | |||||
CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | |||||
CVE-2017-10667 | 1 Zen-cart | 1 Zen Cart | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. | |||||
CVE-2018-5292 | 1 Gd Rating System Project | 1 Gd Rating System | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. | |||||
CVE-2017-5241 | 1 Biscom | 1 Secure File Transfer | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Biscom Secure File Transfer versions 5.0.0.0 through 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025. | |||||
CVE-2017-1002017 | 1 Bobcares | 1 Gift-certificate-creator | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Vulnerability in the WordPress plugin gift-certificate-creator v1.0: the code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. | |||||
CVE-2016-9733 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762. | |||||
CVE-2017-7663 | 1 Apache | 1 Openmeetings | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | |||||
CVE-2016-10366 | 1 Elastic | 1 Kibana | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. | |||||
CVE-2015-9248 | 1 Skyboxsecurity | 1 Skybox Platform | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager. | |||||
CVE-2017-10711 | 1 Simplerisk | 1 Simplerisk | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter. | |||||
CVE-2017-6700 | 1 Cisco | 1 Prime Infrastructure | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | |||||
CVE-2017-14618 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | |||||
CVE-2014-6027 | 1 Torrentflux Project | 1 Torrentflux | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details. | |||||
CVE-2017-9613 | 1 Sap | 1 Successfactors | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. | |||||
CVE-2015-1866 | 1 Emberjs | 1 Ember.js | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2. | |||||
CVE-2017-13671 | 1 Misp | 1 Misp | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. |