Total
26633 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5882 | 1 Ibm | 2 Domino, Inotes | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2017-8102 | 1 S9y | 1 Serendipity | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin. | |||||
CVE-2017-5515 | 1 Metalgenix | 1 Genixcms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | |||||
CVE-2017-5179 | 1 Tenable | 1 Nessus | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-5006 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
CVE-2017-6103 | 1 Anyvar Project | 1 Anyvar | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. | |||||
CVE-2016-9997 | 1 Spip | 1 Spip | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. | |||||
CVE-2017-5490 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. | |||||
CVE-2017-3798 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457). | |||||
CVE-2017-7992 | 1 Heartland Payment Systems | 1 Heartland-php | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter. | |||||
CVE-2016-3031 | 1 Ibm | 1 Cognos Analytics | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887. | |||||
CVE-2017-5832 | 1 Revive-adserver | 1 Revive Adserver | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | |||||
CVE-2017-3890 | 1 Blackberry | 2 Appliance-x, Workspaces Vapp | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link. | |||||
CVE-2016-9222 | 1 Cisco | 1 Netflow Generation Appliance | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb15229. Known Affected Releases: 1.0(2). | |||||
CVE-2016-1217 | 1 Cybozu | 1 Garoon | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | |||||
CVE-2017-3821 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609). | |||||
CVE-2017-3866 | 1 Cisco | 1 Prime Service Catalog | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873 CSCvc79882 CSCvc79891. Known Affected Releases: 11.1.2. | |||||
CVE-2016-6347 | 1 Redhat | 1 Resteasy | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-3802 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8). | |||||
CVE-2016-9214 | 1 Cisco | 1 Identity Services Engine Software | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130). |