Total
26831 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5191 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. | |||||
CVE-2016-6348 | 1 Redhat | 1 Resteasy | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. | |||||
CVE-2016-6857 | 1 Sap | 1 Hybris | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field. | |||||
CVE-2017-0195 | 1 Microsoft | 5 Excel Web App, Office Online Server, Office Web Apps and 2 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability." | |||||
CVE-2017-3557 | 1 Oracle | 1 One-to-one Fulfillment | 2023-12-10 | 7.8 HIGH | 7.1 HIGH |
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
CVE-2016-6047 | 1 Ibm | 1 Jazz Reporting Service | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2017-5010 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
CVE-2016-6856 | 1 Sap | 1 Hybris | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter. | |||||
CVE-2016-2986 | 1 Ibm | 5 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 2 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-9751 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
CVE-2017-0891 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | |||||
CVE-2017-6556 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. | |||||
CVE-2017-7271 | 1 Yii Software | 1 Yii | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. | |||||
CVE-2017-6811 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter). | |||||
CVE-2017-2361 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. | |||||
CVE-2017-6561 | 1 Agora-project | 1 Agora-project | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. | |||||
CVE-2016-4948 | 1 Cloudera | 1 Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect. | |||||
CVE-2017-7579 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | |||||
CVE-2017-6541 | 1 Webpagetest Project | 1 Webpagetest | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2016-6933 | 1 Adobe | 2 Experience Manager, Livecycle | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. |