Total
37256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8760 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding. | |||||
| CVE-2017-1689 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134064. | |||||
| CVE-2017-10667 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. | |||||
| CVE-2017-12856 | 1 C.p.sub Project | 1 C.p.sub | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php. | |||||
| CVE-2016-6347 | 1 Redhat | 1 Resteasy | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-8856 | 1 Openjsf | 1 Serve-index | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. | |||||
| CVE-2015-6521 | 1 Atutor | 1 Atutor | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | |||||
| CVE-2017-14923 | 1 Tine20 | 1 Tine 2.0 | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
| CVE-2015-3883 | 1 Qdpm | 1 Qdpm | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task name on index.php/tasks; (5) ticket name on index.php/tickets; (6) discussion name on index.php/discussions; (7) report name on index.php/projectReports; or (8) event name on index.php/scheduler/personal. | |||||
| CVE-2016-9128 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL. | |||||
| CVE-2017-10711 | 1 Simplerisk | 1 Simplerisk | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter. | |||||
| CVE-2017-14506 | 1 Geminabox Project | 1 Geminabox | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | |||||
| CVE-2017-17094 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | |||||
| CVE-2017-8778 | 1 Gitlab | 1 Gitlab | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | |||||
| CVE-2017-5490 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. | |||||
| CVE-2017-17089 | 1 Webmin | 1 Webmin | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | |||||
| CVE-2017-14352 | 1 Hp | 1 Ucmdb Configuration Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. | |||||
| CVE-2017-17994 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | |||||
| CVE-2017-3866 | 1 Cisco | 1 Prime Service Catalog | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873 CSCvc79882 CSCvc79891. Known Affected Releases: 11.1.2. | |||||
| CVE-2015-7391 | 1 Testlink | 1 Testlink | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php. | |||||