Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15194 | 1 Cacti | 1 Cacti | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | |||||
| CVE-2015-6540 | 1 Igcb | 1 Intellect Digital Core | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. | |||||
| CVE-2016-9979 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255. | |||||
| CVE-2017-6392 | 1 Kaltura | 1 Kaltura Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-11611 | 1 Wolfcms | 1 Wolf Cms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI). | |||||
| CVE-2017-6484 | 1 Inter-mediator | 1 Inter-mediator | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the "INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-7335 | 1 Fortinet | 1 Fortiwlc | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. | |||||
| CVE-2017-14717 | 1 Telaxius | 1 Epesi | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | |||||
| CVE-2017-13724 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. | |||||
| CVE-2017-2123 | 1 Onethird | 1 Onethird Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. | |||||
| CVE-2017-6503 | 1 Qbittorrent | 1 Qbittorrent | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | |||||
| CVE-2017-1133 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534. | |||||
| CVE-2017-5876 | 1 Dotcms | 1 Dotcms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. | |||||
| CVE-2017-1000015 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters | |||||
| CVE-2017-1000063 | 1 Kitto Project | 1 Kitto | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | |||||
| CVE-2017-14036 | 1 Crushftp | 1 Crushftp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. | |||||
| CVE-2017-12798 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php. | |||||
| CVE-2016-4988 | 1 Jenkins | 1 Build Failure Analyzer | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | |||||
| CVE-2017-14712 | 1 Telaxius | 1 Epesi | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | |||||
| CVE-2017-1303 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457. | |||||