Total
36798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7451 | 1 Nodejs | 1 Node.js | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. | |||||
| CVE-2017-11666 | 1 Kopano | 1 Webapp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file. | |||||
| CVE-2016-2274 | 1 Adcon Telemetry | 2 A850 Telemetry Gateway Base Station, A850 Telemetry Gateway Base Station Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting. | |||||
| CVE-2017-1000140 | 1 Mahara | 1 Mahara | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file. | |||||
| CVE-2017-9289 | 1 Note Project | 1 Note | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter). | |||||
| CVE-2014-9916 | 1 Bilboplanet | 1 Bilboplanet | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php. | |||||
| CVE-2017-16866 | 1 Finecms | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. | |||||
| CVE-2017-1000213 | 1 Wbce | 1 Wbce Cms | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | |||||
| CVE-2017-15727 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. | |||||
| CVE-2017-3102 | 1 Adobe | 1 Connect | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack. | |||||
| CVE-2017-6560 | 1 Agora-project | 1 Agora-project | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. | |||||
| CVE-2017-6808 | 1 Mangoswebv4 Project | 1 Mangoswebv4 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter). | |||||
| CVE-2017-1169 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188. | |||||
| CVE-2017-15892 | 1 Synology | 1 Chat | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | |||||
| CVE-2017-16784 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | |||||
| CVE-2017-17868 | 1 Liferay | 1 Liferay Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | |||||
| CVE-2017-7359 | 1 Lucidcrew | 1 Pixie | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | |||||
| CVE-2016-6113 | 1 Ibm | 2 Domino, Inotes | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-14510 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along. | |||||
| CVE-2016-4327 | 1 Wso2 | 1 Enablement Server For Java | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||