Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7422 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default. | |||||
| CVE-2017-15273 | 1 Mahara | 1 Mahara | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts. | |||||
| CVE-2017-15384 | 1 Phpjabbers | 1 Rate Me | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. | |||||
| CVE-2017-9836 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album). | |||||
| CVE-2017-10838 | 1 Seopanel | 1 Seo Panel | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-7813 | 1 Emon-cms | 1 Deraemon-cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. | |||||
| CVE-2017-14416 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. | |||||
| CVE-2017-16636 | 1 Bludit | 1 Bludit | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts. | |||||
| CVE-2017-16956 | 1 Symphony Project | 1 Symphony | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. | |||||
| CVE-2017-8085 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. | |||||
| CVE-2017-6701 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd49141. Known Affected Releases: 2.1(102.101). | |||||
| CVE-2016-5888 | 1 Ibm | 1 Interact | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 115084. | |||||
| CVE-2017-1001001 | 1 Pluxml | 1 Pluxml | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. | |||||
| CVE-2017-5515 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | |||||
| CVE-2016-4318 | 1 Atlassian | 1 Jira | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name. | |||||
| CVE-2017-6909 | 1 Shishnet | 1 Shimmie | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "shimmie2-master/ext/chatbox/history/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-1429 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127587. | |||||
| CVE-2016-3048 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711. | |||||
| CVE-2017-3838 | 1 Cisco | 1 Secure Access Control System | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5). | |||||
| CVE-2017-11691 | 1 Cacti | 1 Cacti | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | |||||