Total
37194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9781 | 1 Check Mk Project | 1 Check Mk | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html. | |||||
| CVE-2017-15362 | 1 Osticket | 1 Osticket | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176. | |||||
| CVE-2017-12272 | 1 Cisco | 1 Ios Xe | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by convincing a user of the web interface to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvb09516. | |||||
| CVE-2017-12294 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf85562. | |||||
| CVE-2017-2187 | 1 3cx | 1 Live Chat | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-9556 | 1 Synology | 1 Video Station | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2017-8178 | 1 Huawei | 2 Vicky-al00, Vicky-al00 Firmware | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to access this email that triggers execution of the code. An exploit could allow the attacker to execute arbitrary script code on the affected device. | |||||
| CVE-2017-17985 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | |||||
| CVE-2017-9802 | 1 Apache | 1 Sling Servlets Post | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. | |||||
| CVE-2017-13138 | 1 Qodeinteractive | 1 Bridge | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. | |||||
| CVE-2016-9259 | 1 Tenable | 1 Nessus | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-6878 | 1 Metinfo | 1 Metinfo | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. | |||||
| CVE-2017-3152 | 1 Apache | 1 Atlas | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. | |||||
| CVE-2016-5980 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1000012 | 1 Mysqldumper | 1 Mysqldumper | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user | |||||
| CVE-2016-1566 | 1 Apache | 1 Guacamole | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed. | |||||
| CVE-2017-2257 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. | |||||
| CVE-2017-15911 | 1 Igniterealtime | 1 Openfire | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. | |||||
| CVE-2017-14920 | 1 Egroupware | 1 Egroupware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. | |||||
| CVE-2017-8897 | 1 Invisioncommunity | 1 Invision Power Board | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. | |||||