Total
37107 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-3868 | 1 Cisco | 1 Unified Computing System Director | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0). | |||||
CVE-2017-3132 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. | |||||
CVE-2016-6348 | 1 Redhat | 1 Resteasy | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. | |||||
CVE-2017-9448 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users. | |||||
CVE-2016-9973 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209. | |||||
CVE-2017-12066 | 1 Cacti | 1 Cacti | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163. | |||||
CVE-2017-9668 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | |||||
CVE-2017-14755 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId. | |||||
CVE-2017-5621 | 1 Zammad | 1 Zammad | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API. | |||||
CVE-2016-9732 | 1 Ibm | 1 Curam Social Program Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761. | |||||
CVE-2015-5379 | 1 Axigen | 1 Axigen Mail Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment. | |||||
CVE-2017-9361 | 1 Websitebaker | 1 Websitebaker | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | |||||
CVE-2016-7817 | 1 Simple Keitai Chat Project | 1 Simple Keitai Chat | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-17925 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | |||||
CVE-2017-15612 | 1 Mistune Project | 1 Mistune | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | |||||
CVE-2015-8353 | 1 Role Scoper Project | 1 Role Scoper | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php. | |||||
CVE-2016-6046 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2016-7841 | 1 Olive Design | 1 Olive Diary Dx | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2015-8010 | 3 Icinga, Opensuse, Opensuse Project | 3 Icinga, Leap, Leap | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | |||||
CVE-2017-15571 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. |