Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4865 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. | |||||
| CVE-2017-3132 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. | |||||
| CVE-2015-8831 | 1 Dotclear | 1 Dotclear | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | |||||
| CVE-2017-16843 | 1 Vonage | 2 Vdv-23, Vdv-23 Firmware | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. | |||||
| CVE-2017-6053 | 1 Trihedral | 1 Vtscada | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser. | |||||
| CVE-2016-6125 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-9459 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-6761 | 1 Cisco | 1 Finesse | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd96744. | |||||
| CVE-2017-2274 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-11179 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. | |||||
| CVE-2017-6067 | 1 Getsymphony | 1 Symphony | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | |||||
| CVE-2017-1164 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036. | |||||
| CVE-2017-14920 | 1 Egroupware | 1 Egroupware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. | |||||
| CVE-2017-11182 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | |||||
| CVE-2017-12347 | 1 Cisco | 1 Data Center Network Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. | |||||
| CVE-2017-9072 | 1 Calendarxp | 2 Flatcalendarxp, Popcalendarxp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm. | |||||
| CVE-2017-7391 | 1 Magmi Project | 1 Magmi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-2274 | 1 Adcon Telemetry | 2 A850 Telemetry Gateway Base Station, A850 Telemetry Gateway Base Station Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting. | |||||
| CVE-2015-0101 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5. | |||||
| CVE-2017-15872 | 1 Phpwcms | 1 Phpwcms | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. | |||||