Vulnerabilities (CVE)

Filtered by CWE-79
Total 37101 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15810 1 Popcash 1 Popcash.net Code Integration Tool 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php.
CVE-2017-15039 1 Zurmo 1 Zurmo Crm 2025-04-20 3.5 LOW 4.8 MEDIUM
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
CVE-2017-8304 1 Accellion 1 File Transfer Appliance 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
CVE-2017-12907 1 Nexusphp Project 1 Nexusphp 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
CVE-2016-8935 1 Ibm 1 Kenexa Lms 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.
CVE-2016-6037 1 Ibm 2 Rational Quality Manager, Rational Team Concert 2025-04-20 3.5 LOW 4.8 MEDIUM
IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918.
CVE-2017-15888 1 Synology 1 Audio Station 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
CVE-2015-7357 1 Udesign Project 1 Udesign 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>.
CVE-2017-7733 1 Fortinet 1 Fortios 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter.
CVE-2017-9298 1 Hitachi 1 Device Manager 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
CVE-2016-7839 1 Olive Design 1 Olive Blog 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2017-6699 1 Cisco 2 Evolved Programmable Network Manager, Prime Infrastructure 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B).
CVE-2017-16842 1 Yoast 1 Wordpress Seo 2025-04-20 3.5 LOW 4.8 MEDIUM
Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML.
CVE-2017-12322 1 Cisco 1 Email Encryption 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.
CVE-2017-6661 1 Cisco 2 Content Security Management Appliance, Email Security Appliance 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049.
CVE-2017-14597 1 Afterlogic 2 Aurora, Webmail 2025-04-20 3.5 LOW 4.8 MEDIUM
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
CVE-2017-17907 1 Car Rental Script Project 1 Car Rental Script 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.
CVE-2016-9979 1 Ibm 1 Curam Social Program Management 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255.
CVE-2016-4855 1 Adodb Project 1 Adodb 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-3976 1 Ge 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.