Total
26831 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15568 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history. | |||||
| CVE-2016-6201 | 1 Ektron | 1 Ektron Content Management System | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx. | |||||
| CVE-2016-10257 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. | |||||
| CVE-2017-9145 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. | |||||
| CVE-2017-16798 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. | |||||
| CVE-2016-8975 | 1 Ibm | 1 Rhapsody Design Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912. | |||||
| CVE-2017-8802 | 1 Synocor | 1 Zimbra Collaboration Suite | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality. | |||||
| CVE-2017-9548 | 1 Bigtreecms | 1 Bigtree Cms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change). | |||||
| CVE-2017-17092 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. | |||||
| CVE-2017-1203 | 1 Ibm | 1 Bigfix Platform | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678. | |||||
| CVE-2017-6769 | 1 Cisco | 1 Secure Access Control System | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCve70587. Known Affected Releases: 5.8(0.8) 5.8(1.5). | |||||
| CVE-2017-12648 | 1 Liferay | 1 Liferay Portal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. | |||||
| CVE-2017-1535 | 1 Ibm | 1 Cognos Analytics | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677. | |||||
| CVE-2017-2255 | 1 Cybozu | 1 Garoon | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". | |||||
| CVE-2017-14921 | 1 Tine20 | 1 Tine 2.0 | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
| CVE-2017-1553 | 1 Ibm | 1 Infosphere Biginsights | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397. | |||||
| CVE-2017-12348 | 1 Cisco | 1 Unified Computing System Central Software | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. | |||||
| CVE-2017-12591 | 1 Asus | 2 Dsl-n10s, Dsl-n10s Firmware | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | |||||
| CVE-2017-17893 | 1 Readymade Video Sharing Script Project | 1 Readymade Video Sharing Script | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. | |||||
| CVE-2015-9229 | 1 Imagely | 1 Nextgen Gallery | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | |||||