Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6555 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). | |||||
| CVE-2017-17925 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | |||||
| CVE-2016-8948 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835. | |||||
| CVE-2017-1000059 | 1 Livehelperchat | 1 Live Helper Chat | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. | |||||
| CVE-2017-6809 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter). | |||||
| CVE-2017-14370 | 1 Rsa | 1 Archer Grc Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-9071 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
| In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning. | |||||
| CVE-2017-16815 | 1 Snapcreek | 1 Duplicator | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly. | |||||
| CVE-2017-9336 | 1 Wp Editor.md Project | 1 Wp Editor.md | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. | |||||
| CVE-2017-15612 | 1 Mistune Project | 1 Mistune | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | |||||
| CVE-2017-8302 | 1 Blueriver | 1 Muracms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm. | |||||
| CVE-2015-6748 | 2 Debian, Jsoup | 2 Debian Linux, Jsoup | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | |||||
| CVE-2017-1169 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188. | |||||
| CVE-2017-15009 | 1 Paessler | 1 Prtg Network Monitor | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. | |||||
| CVE-2017-17937 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | |||||
| CVE-2017-1168 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187. | |||||
| CVE-2017-12221 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the affected system. Cisco Bug IDs: CSCvc38983. | |||||
| CVE-2017-1560 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131759. | |||||
| CVE-2017-5938 | 4 Debian, Opensuse, Opensuse Project and 1 more | 4 Debian Linux, Leap, Leap and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | |||||
| CVE-2017-9145 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. | |||||