Total
37356 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2883 | 1 Philips | 1 In.sight B120/37 | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | |||||
CVE-2017-17986 | 1 Muslim Matrimonial Script Project | 1 Muslim Matrimonial Script | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | |||||
CVE-2017-1002011 | 1 Anblik | 1 Image-gallery-with-slideshow | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: there is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description, where anyone with privileges to modify or add galleries/images can inject JavaScript into the database. | |||||
CVE-2016-5897 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
CVE-2015-3162 | 1 Beaker-project | 1 Beaker | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job. | |||||
CVE-2017-11820 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777. | |||||
CVE-2017-9306 | 1 Syspass | 1 Syspass | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. | |||||
CVE-2017-8439 | 1 Elastic | 1 Kibana | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. | |||||
CVE-2017-5945 | 1 Poodll | 1 Moodle-filter Poodll | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2017-6539 | 1 Webpagetest Project | 1 Webpagetest | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/delta.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2017-7250 | 1 Gazelle Project | 1 Gazelle | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) issue was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoin_balance.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2017-1000063 | 1 Kitto Project | 1 Kitto | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure. | |||||
CVE-2017-6807 | 1 Uninett | 1 Mod Auth Mellon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. | |||||
CVE-2016-10515 | 1 Redmine | 1 Redmine | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages. | |||||
CVE-2017-9547 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change). | |||||
CVE-2017-12345 | 1 Cisco | 1 Data Center Network Manager | 2025-04-20 | 4.3 MEDIUM | 4.7 MEDIUM |
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. | |||||
CVE-2017-12777 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php. | |||||
CVE-2017-8005 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application. | |||||
CVE-2017-1600 | 1 Ibm | 1 Security Guardium | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613. | |||||
CVE-2017-6905 | 1 Concrete5 | 1 Concrete5 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |