Total
37098 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-9229 | 1 Imagely | 1 Nextgen Gallery | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | |||||
CVE-2016-1217 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | |||||
CVE-2017-7723 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. | |||||
CVE-2017-9623 | 1 Epesi | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. | |||||
CVE-2017-5833 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2017-5003 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | |||||
CVE-2016-4880 | 1 Basercms | 1 Basercms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-2284 | 1 Code-atlantic | 1 Popup Maker | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-11296 | 1 Adobe | 1 Experience Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | |||||
CVE-2017-9419 | 1 Webhammer | 1 Wp Custom Fields Search | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | |||||
CVE-2017-5876 | 1 Dotcms | 1 Dotcms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. | |||||
CVE-2017-11744 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module. | |||||
CVE-2017-2194 | 1 Ipa | 1 Icodechecker | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-9371 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING). | |||||
CVE-2017-1098 | 1 Ibm | 1 Emptoris Supplier Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658. | |||||
CVE-2017-2164 | 1 N-i-agroinformatics | 1 Soy Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-7562 | 1 Teampass | 1 Teampass | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. | |||||
CVE-2015-4721 | 1 Concretecms | 1 Concrete Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. | |||||
CVE-2017-5584 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-8232 | 1 Ibm | 3 Advanced Management Module, Advanced Management Module Firmware, Bladecenter | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. |