Total
37309 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-0195 | 1 Microsoft | 5 Excel Web App, Office Online Server, Office Web Apps and 2 more | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability." | |||||
CVE-2016-3412 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791. | |||||
CVE-2015-9056 | 1 Elastic | 1 Kibana | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | |||||
CVE-2017-11737 | 1 Rspamd Project | 1 Rspamd | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page. | |||||
CVE-2017-2339 | 1 Juniper | 1 Screenos | 2025-04-20 | 3.5 LOW | 8.4 HIGH |
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
CVE-2017-6734 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800). | |||||
CVE-2017-14995 | 1 Wso2 | 8 Application Server, Business Process Server, Business Rules Server and 5 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS. | |||||
CVE-2017-1000023 | 1 Logicaldoc | 1 Logicaldoc | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. | |||||
CVE-2017-2578 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
In Moodle 3.x, there is XSS in the assignment submission page. | |||||
CVE-2017-3155 | 1 Apache | 1 Atlas | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. | |||||
CVE-2017-8550 | 1 Microsoft | 1 Office | 2025-04-20 | 4.3 MEDIUM | 5.4 MEDIUM |
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". | |||||
CVE-2017-1002017 | 1 Bobcares | 1 Gift-certificate-creator | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. | |||||
CVE-2017-1000103 | 1 Jenkins | 1 Dry | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | |||||
CVE-2016-4875 | 3 Assist Project, Databox Project, Userbox Project | 3 Assist Plugin, Databox Plugin, Userbox Plugin | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-9772 | 1 Nodejs | 1 Node.js | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. | |||||
CVE-2017-12292 | 1 Cisco | 1 Email Encryption | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. | |||||
CVE-2017-8024 | 1 Emc | 1 Isilon Onefs | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2017-14620 | 1 Smartertools | 1 Smarterstats | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | |||||
CVE-2017-16760 | 1 Inedo | 1 Buildmaster | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Inedo BuildMaster before 5.8.2 has XSS. | |||||
CVE-2017-12072 | 1 Synology | 1 Photo Station | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. |