Total: 37264 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-6562 | 1 Agora-project | 1 Agora-project | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. | |||||
CVE-2017-8103 | 1 Mybb | 1 Mybb | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. | |||||
CVE-2017-17832 | 1 Serverscheck | 1 Monitoring Software | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user-supplied data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). | |||||
CVE-2017-9452 | 1 Piwigo | 1 Piwigo | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2016-8922 | 1 Ibm | 2 Web Content Manager Production Analytics, Websphere Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
CVE-2011-4333 | 1 Scilico | 1 Labwiki | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php. | |||||
CVE-2017-17737 | 1 Brightsign | 2 4k242, 4k242 Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. | |||||
CVE-2017-0890 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Nextcloud Server before 11.0.3 is vulnerable to inadequate escaping leading to an XSS vulnerability in the search module. To be exploitable, a user has to write or paste malicious content into the search dialogue. | |||||
CVE-2017-11481 | 1 Elastic | 1 Kibana | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
CVE-2017-11180 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen. | |||||
CVE-2015-5613 | 1 Octobercms | 1 October | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. | |||||
CVE-2017-14516 | 1 Sap | 1 Businessobjects Financial Consolidation | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | |||||
CVE-2017-7583 | 1 Ilias | 1 Ilias | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
ILIAS before 5.2.3 has XSS via SVG documents. | |||||
CVE-2017-2224 | 1 Web-dorado | 1 Event Calendar Wd | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-5057 | 1 Broken Link Checker Project | 1 Broken Link Checker | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | |||||
CVE-2017-7579 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | |||||
CVE-2015-7565 | 1 Emberjs | 1 Ember.js | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2017-1000011 | 1 Mywebsql | 1 Mywebsql | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component, resulting in account takeover or stealing of information. | |||||
CVE-2017-2114 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-9472 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective. |