Total
26559 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1217 | 1 Cybozu | 1 Garoon | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | |||||
CVE-2017-3821 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609). | |||||
CVE-2017-3866 | 1 Cisco | 1 Prime Service Catalog | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873 CSCvc79882 CSCvc79891. Known Affected Releases: 11.1.2. | |||||
CVE-2016-6347 | 1 Redhat | 1 Resteasy | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-3802 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8). | |||||
CVE-2016-9214 | 1 Cisco | 1 Identity Services Engine Software | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130). | |||||
CVE-2017-3161 | 1 Apache | 1 Hadoop | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. | |||||
CVE-2017-6797 | 1 Mantisbt | 1 Mantisbt | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. | |||||
CVE-2016-6035 | 1 Ibm | 2 Rational Quality Manager, Rational Team Concert | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896. | |||||
CVE-2016-9260 | 1 Tenable | 1 Nessus | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | |||||
CVE-2017-8833 | 1 Zen-cart | 1 Zen Cart | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github." | |||||
CVE-2017-5020 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page. | |||||
CVE-2016-9139 | 1 Otrs | 1 Otrs | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. | |||||
CVE-2017-6537 | 1 Webpagetest Project | 1 Webpagetest | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2017-7361 | 1 Lucidcrew | 1 Pixie | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | |||||
CVE-2017-2147 | 1 Wp-statistics | 1 Wp Statistics | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-6814 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. | |||||
CVE-2017-0055 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability." | |||||
CVE-2016-6607 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2015-8856 | 1 Openjsf | 1 Serve-index | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. |