Vulnerabilities (CVE)

Filtered by CWE-79
Total 37103 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12322 1 Cisco 1 Email Encryption 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.
CVE-2017-6661 1 Cisco 2 Content Security Management Appliance, Email Security Appliance 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049.
CVE-2017-14597 1 Afterlogic 2 Aurora, Webmail 2025-04-20 3.5 LOW 4.8 MEDIUM
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
CVE-2017-17907 1 Car Rental Script Project 1 Car Rental Script 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.
CVE-2016-9979 1 Ibm 1 Curam Social Program Management 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255.
CVE-2016-4855 1 Adodb Project 1 Adodb 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-3976 1 Ge 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.
CVE-2017-15934 1 Artica 1 Pandora Fms 2025-04-20 3.5 LOW 5.4 MEDIUM
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter.
CVE-2016-8356 1 Kabona Ab 1 Webdatorcentral 2025-04-20 4.3 MEDIUM 8.2 HIGH
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities.
CVE-2017-9332 1 Pivotx 1 Pivotx 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
CVE-2012-4377 1 Mediawiki 1 Mediawiki 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.
CVE-2017-1096 1 Ibm 1 Jazz Reporting Service 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656.
CVE-2013-7452 1 Nodejs 1 Node.js 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
CVE-2016-5951 1 Ibm 1 Kenexa Lcms Premier 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-14498 1 Silverstripe 1 Silverstripe 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
CVE-2017-1000038 1 Relevanssi 1 Relevanssi 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site
CVE-2017-7944 1 Xoops 1 Xoops 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php.
CVE-2016-0781 2 Cloudfoundry, Pivotal Software 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.
CVE-2017-1325 1 Ibm 1 Inotes 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.
CVE-2017-1345 1 Ibm 1 Insights Foundation For Energy 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460.