Total
26633 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0265 | 1 Ibm | 1 Campaign | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
CVE-2015-6021 | 1 Spiceworks | 1 Desktop | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. | |||||
CVE-2017-8763 | 1 Telaxius | 1 Epesi | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter. | |||||
CVE-2016-7282 | 1 Microsoft | 2 Edge, Internet Explorer | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
CVE-2017-7242 | 1 Slims | 1 Slims7 Cendana | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php. | |||||
CVE-2016-9737 | 1 Ibm | 1 Tririga Application Platform | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200. | |||||
CVE-2017-6809 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter). | |||||
CVE-2016-9409 | 1 Mybb | 2 Merge System, Mybb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs. | |||||
CVE-2016-2864 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2017-7249 | 1 Gazelle Project | 1 Gazelle | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazelle-master/sections/tools/data/ocelot_info.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2017-2644 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Moodle 3.x, XSS can occur via evidence of prior learning. | |||||
CVE-2016-5642 | 1 Opmantek | 1 Network Management Information System | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Opmantek NMIS before 8.5.12G has XSS via SNMP. | |||||
CVE-2017-9070 | 1 Modx | 1 Modx Revolution | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php. | |||||
CVE-2017-6808 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter). | |||||
CVE-2017-7591 | 1 Openidm Project | 1 Openidm | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. | |||||
CVE-2016-9419 | 1 Mybb | 1 Mybb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-8477 | 1 Redmine | 1 Redmine | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering. | |||||
CVE-2016-10083 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case. | |||||
CVE-2017-5164 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session (CROSS-SITE SCRIPTING). | |||||
CVE-2016-5055 | 1 Osram | 1 Lightify Pro | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. |