Total
26559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7986 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. | |||||
| CVE-2015-6027 | 1 Castlerock | 1 Snmpc | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. | |||||
| CVE-2016-4930 | 1 Juniper | 1 Junos Space | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. | |||||
| CVE-2016-10112 | 1 Woocommerce | 1 Woocommerce | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format. | |||||
| CVE-2017-8792 | 1 Accellion | 1 File Transfer Appliance | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. | |||||
| CVE-2017-6958 | 1 Mantisbt | 1 Source Integration | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter. | |||||
| CVE-2017-6810 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter). | |||||
| CVE-2017-6559 | 1 Agora-project | 1 Agora-project | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. | |||||
| CVE-2015-2883 | 1 Philips | 1 In.sight B120\\37 | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | |||||
| CVE-2017-8897 | 1 Invisioncommunity | 1 Invision Power Board | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. | |||||
| CVE-2017-2136 | 1 Wp Statistics | 1 Wp Statistics | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | |||||
| CVE-2016-2803 | 1 Mozilla | 1 Bugzilla | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2015-8862 | 1 Mustache.js Project | 1 Mustache.js | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | |||||
| CVE-2017-3828 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). | |||||
| CVE-2016-9457 | 1 Revive-adserver | 1 Revive Adserver | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others. | |||||
| CVE-2015-6035 | 1 Opsview | 1 Opsview | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Opsview before 2015-11-06 has XSS via SNMP. | |||||
| CVE-2016-6113 | 1 Ibm | 2 Domino, Inotes | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-6481 | 1 Phpipam | 1 Phpipam | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-5608 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename. | |||||
| CVE-2016-5205 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||