Total
37342 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3408 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813. | |||||
| CVE-2017-6675 | 1 Cisco | 1 Industrial Network Director | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). | |||||
| CVE-2017-17753 | 1 Csv-import-export Project | 1 Csv-import-export | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php. | |||||
| CVE-2017-8016 | 1 Emc | 1 Archer Grc Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2017-1380 | 1 Ibm | 1 Websphere Application Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151. | |||||
| CVE-2015-8861 | 1 Handlebars.js Project | 1 Handlebars.js | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | |||||
| CVE-2017-14983 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php. | |||||
| CVE-2015-6021 | 1 Spiceworks | 1 Desktop | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. | |||||
| CVE-2017-15872 | 1 Phpwcms | 1 Phpwcms | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. | |||||
| CVE-2017-8792 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. | |||||
| CVE-2017-15936 | 1 Artica | 1 Pandora Fms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed. | |||||
| CVE-2017-15811 | 1 Pootlepress | 1 Pootle Button | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php. | |||||
| CVE-2017-16789 | 2 Integrationmatters, Tibco | 2 Njams, Businessworks Process Monitor | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface. | |||||
| CVE-2014-9677 | 1 Flowpaper | 1 Flexpaper | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter. | |||||
| CVE-2017-1000138 | 1 Mahara | 1 Mahara | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title. | |||||
| CVE-2017-9622 | 1 Epesi | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. | |||||
| CVE-2017-17096 | 1 Content Cards Project | 1 Content Cards | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. | |||||
| CVE-2016-6019 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739. | |||||
| CVE-2016-9169 | 1 Novell | 1 Groupwise | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. | |||||
| CVE-2017-2135 | 1 Wp-statistics | 1 Wp Statistics | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||