Total: 26559 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9998 | 1 Spip | 1 Spip | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. | |||||
CVE-2016-6072 | 1 Ibm | 12 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 9 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2017-6909 | 1 Shishnet | 1 Shimmie | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "shimmie2-master/ext/chatbox/history/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2016-0255 | 1 Ibm | 1 Marketing Platform | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. | |||||
CVE-2016-6039 | 1 Ibm | 1 Jazz Reporting Service | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2017-7391 | 1 Magmi Project | 1 Magmi | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2016-5077 | 1 Netikus | 1 Eventsentry | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Netikus EventSentry before 3.2.1.44 has XSS via SNMP. | |||||
CVE-2015-4591 | 1 Eclinicalworks | 1 Population Health | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
eClinicalWorks Population Health (CCMR) suffers from a cross-site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary JavaScript via the strMessage parameter. | |||||
CVE-2017-6029 | 1 Certec Edv Gmbh | 1 Atvise Scada | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. | |||||
CVE-2017-6511 | 1 Finecms Project | 1 Finecms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. | |||||
CVE-2017-5494 | 1 B2evolution | 1 B2evolution | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. | |||||
CVE-2016-2104 | 1 Redhat | 1 Satellite | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags. | |||||
CVE-2017-7386 | 1 Symetrie Project | 1 Symetrie | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). | |||||
CVE-2017-2475 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site. | |||||
CVE-2016-1915 | 1 Blackberry | 1 Blackberry Enterprise Service | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp. | |||||
CVE-2015-8815 | 1 Umbraco | 1 Umbraco | 2023-12-10 | 5.0 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. | |||||
CVE-2017-7897 | 1 Mantisbt | 1 Mantisbt | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | |||||
CVE-2016-6022 | 1 Ibm | 1 Rational Quality Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000784. | |||||
CVE-2016-5899 | 1 Ibm | 1 Jazz Reporting Service | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2016-9472 | 1 Revive-adserver | 1 Revive Adserver | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective. |