Vulnerabilities (CVE)

Filtered by CWE-79
Total 37107 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-3868 1 Cisco 1 Unified Computing System Director 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0).
CVE-2017-3132 1 Fortinet 1 Fortios 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
CVE-2016-6348 1 Redhat 1 Resteasy 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
CVE-2017-9448 1 Bigtreecms 1 Bigtree Cms 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users.
CVE-2016-9973 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
CVE-2017-12066 1 Cacti 1 Cacti 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.
CVE-2017-9668 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.
CVE-2017-14755 1 Opentext 1 Document Sciences Xpression 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.
CVE-2017-5621 1 Zammad 1 Zammad 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.
CVE-2016-9732 1 Ibm 1 Curam Social Program Management 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.
CVE-2015-5379 1 Axigen 1 Axigen Mail Server 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment.
CVE-2017-9361 1 Websitebaker 1 Websitebaker 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
CVE-2016-7817 1 Simple Keitai Chat Project 1 Simple Keitai Chat 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-17925 1 Ordermanagementscript 1 Professional Service Script 2025-04-20 3.5 LOW 4.8 MEDIUM
PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.
CVE-2017-15612 1 Mistune Project 1 Mistune 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
CVE-2015-8353 1 Role Scoper Project 1 Role Scoper 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php.
CVE-2016-6046 1 Ibm 1 Tivoli Storage Manager 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-7841 1 Olive Design 1 Olive Diary Dx 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2015-8010 3 Icinga, Opensuse, Opensuse Project 3 Icinga, Leap, Leap 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
CVE-2017-15571 2 Debian, Redmine 2 Debian Linux, Redmine 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.