Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6511 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. | |||||
| CVE-2017-9609 | 1 Blackcat-cms | 1 Blackcat Cms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | |||||
| CVE-2017-11716 | 1 Metinfo Project | 1 Metinfo | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. | |||||
| CVE-2009-1198 | 1 Apache | 1 Juddi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp. | |||||
| CVE-2016-0713 | 1 Cloudfoundry | 1 Cf-release | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. | |||||
| CVE-2015-6588 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | |||||
| CVE-2017-16784 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | |||||
| CVE-2017-9674 | 1 Simplece | 1 Simplece | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. | |||||
| CVE-2017-13778 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | |||||
| CVE-2017-14720 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | |||||
| CVE-2017-6654 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608. | |||||
| CVE-2017-6749 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204. | |||||
| CVE-2017-17995 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | |||||
| CVE-2017-14724 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | |||||
| CVE-2017-17792 | 1 Blogotext Project | 1 Blogotext | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. | |||||
| CVE-2016-5948 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-14714 | 1 Telaxius | 1 Epesi | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | |||||
| CVE-2017-6556 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. | |||||
| CVE-2017-7554 | 1 Redhat | 1 Mobile Application Platform | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio. | |||||
| CVE-2016-3409 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637. | |||||