Total: 35377 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12979 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. | |||||
CVE-2017-8569 | 1 Microsoft | 1 Sharepoint Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability". | |||||
CVE-2016-0781 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious JavaScript content in either the OAuth scopes (SCIM groups) or SCIM group descriptions. | |||||
CVE-2017-12980 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. | |||||
CVE-2017-15878 | 1 Keystonejs | 1 Keystone | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. | |||||
CVE-2017-5542 | 1 Getsymphony | 1 Symphony | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter. | |||||
CVE-2017-9767 | 1 Quali | 1 Cloudshell | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate. | |||||
CVE-2016-3049 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712. | |||||
CVE-2017-5832 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | |||||
CVE-2017-8833 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github." | |||||
CVE-2016-0765 | 1 Elfden | 1 Eshop Plugin | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter. | |||||
CVE-2016-8213 | 1 Emc | 4 Documentum Administrator, Documentum Capital Projects, Documentum Taskspace and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2017-12254 | 1 Cisco | 1 Unified Intelligence Center | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856. | |||||
CVE-2017-17904 | 1 Fortunescripts | 1 Lynda Clone | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. | |||||
CVE-2017-7388 | 1 Wallaceit | 1 Wallacepos | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2017-12322 | 1 Cisco | 1 Email Encryption | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | |||||
CVE-2014-8957 | 1 Openkm | 1 Openkm | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | |||||
CVE-2017-15888 | 1 Synology | 1 Audio Station | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. | |||||
CVE-2016-9473 | 1 Brave | 1 Browser | 2025-04-20 | 4.3 MEDIUM | 4.7 MEDIUM |
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. | |||||
CVE-2017-12680 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. |