Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6465 | 1 Redhat | 1 Jbpm | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | |||||
| CVE-2017-2169 | 1 Maxbuttons Project | 1 Maxbuttons | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-6121 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383. | |||||
| CVE-2017-11651 | 1 Nexusphp | 1 Nexusphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. | |||||
| CVE-2017-9298 | 1 Hitachi | 1 Device Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | |||||
| CVE-2016-9987 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553. | |||||
| CVE-2016-9457 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others. | |||||
| CVE-2016-5642 | 1 Opmantek | 1 Network Management Information System | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Opmantek NMIS before 8.5.12G has XSS via SNMP. | |||||
| CVE-2015-2148 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2017-16723 | 1 Phoenixcontact | 26 Fl Com Server Rs232, Fl Com Server Rs232 Firmware, Fl Com Server Rs485 and 23 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution. | |||||
| CVE-2017-6483 | 1 Atutor | 1 Atutor | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-2194 | 1 Ipa | 1 Icodechecker | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-5833 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2017-16836 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | |||||
| CVE-2017-12591 | 1 Asus | 2 Dsl-n10s, Dsl-n10s Firmware | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | |||||
| CVE-2017-5020 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2017-7038 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | |||||
| CVE-2017-6734 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800). | |||||
| CVE-2017-9249 | 1 Allen Disk Project | 1 Allen Disk | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php. | |||||
| CVE-2017-5045 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page. | |||||