Vulnerabilities (CVE)

Filtered by CWE-79
Total 37280 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9356 1 Sitecore 1 Sitecore.net 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.
CVE-2017-1531 1 Ibm 1 Business Process Manager 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.
CVE-2017-11685 1 Zohocorp 1 Manageengine Eventlog Analyzer 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
CVE-2017-6103 1 Anyvar Project 1 Anyvar 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.
CVE-2016-6334 1 Mediawiki 1 Mediawiki 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.
CVE-2015-7672 1 Centreon 1 Centreon 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27).
CVE-2016-7823 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2025-04-20 2.3 LOW 4.3 MEDIUM
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-7987 1 Joomla 1 Joomla\! 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
CVE-2017-6443 1 Epson 1 Tmnet Webconfig 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
CVE-2017-2092 1 Cybozu 1 Garoon 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-5542 1 Getsymphony 1 Symphony 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.
CVE-2017-15736 1 Spip 1 Spip 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
CVE-2017-7735 1 Fortinet 1 Fortios 2025-04-20 3.5 LOW 5.4 MEDIUM
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.
CVE-2017-12248 1 Cisco 1 Unified Intelligence Center 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835.
CVE-2017-8629 1 Microsoft 1 Sharepoint Server 2025-04-20 3.5 LOW 5.4 MEDIUM
Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability".
CVE-2017-5191 1 Netiq 1 Access Manager 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
CVE-2017-8559 1 Microsoft 1 Exchange Server 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560.
CVE-2017-9523 1 Sophos 1 Web Appliance 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
CVE-2016-4807 1 Web2py 1 Web2py 2025-04-20 3.5 LOW 4.8 MEDIUM
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).
CVE-2017-7288 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.