Total
36697 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6213 | 1 Paypal | 1 Php Invoice Sdk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. | |||||
| CVE-2017-5934 | 4 Canonical, Debian, Moinmo and 1 more | 4 Ubuntu Linux, Debian Linux, Moinmoin and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-5864 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2017-5827 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | |||||
| CVE-2017-5800 | 1 Hp | 1 Operations Bridge Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found. | |||||
| CVE-2017-5798 | 1 Hp | 1 Opencall Media Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x). | |||||
| CVE-2017-5536 | 1 Tibco | 1 Datasynapse Gridserver Manager | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
| The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0. | |||||
| CVE-2017-5466 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5458 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53. | |||||
| CVE-2017-5393 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51. | |||||
| CVE-2017-5213 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2017-5124 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | |||||
| CVE-2017-3964 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter. | |||||
| CVE-2017-3961 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes. | |||||
| CVE-2017-3180 | 1 Tibco | 10 Silver Fabric Enabler For Spotfire Web Player, Spotfire Analyst, Spotfire Analytics Platform For Aws and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The products and versions that are affected include the following: TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.2 and earlier TIBCO Spotfire Analyst 7.5.0 TIBCO Spotfire Analyst 7.6.0 TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Analytics Platform for AWS Marketplace 7.0.2 and earlier TIBCO Spotfire Automation Services 6.5.3 and earlier TIBCO Spotfire Automation Services 7.0.0, and 7.0.1 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 6.5.3 and earlier TIBCO Spotfire Deployment Kit 7.0.0, and 7.0.1 TIBCO Spotfire Deployment Kit 7.5.0 TIBCO Spotfire Deployment Kit 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 6.5.2 and earlier TIBCO Spotfire Desktop 7.0.0, and 7.0.1 TIBCO Spotfire Desktop 7.5.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.0.1 and earlier TIBCO Spotfire Desktop Language Packs 7.5.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 TIBCO Spotfire Professional 6.5.3 and earlier TIBCO Spotfire Professional 7.0.0 and 7.0.1 TIBCO Spotfire Web Player 6.5.3 and earlier TIBCO Spotfire Web Player 7.0.0 and 7.0.1 | |||||
| CVE-2017-2746 | 1 Hp | 1 Jetadvantage Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service. | |||||
| CVE-2017-2745 | 1 Hp | 1 Jetadvantage Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser. | |||||
| CVE-2017-2743 | 1 Hp | 175 2a68a, 2a68a Firmware, 2a69a and 172 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack. | |||||
| CVE-2017-2674 | 1 Redhat | 1 Jboss Bpm Suite | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM |
| JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins. | |||||
| CVE-2017-2661 | 1 Clusterlabs | 1 Pcs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. | |||||