Vulnerabilities (CVE)

Filtered by CWE-79
Total 37356 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2883 1 Philips 1 In.sight B120\\37 2025-04-20 3.5 LOW 5.4 MEDIUM
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.
CVE-2017-17986 1 Muslim Matrimonial Script Project 1 Muslim Matrimonial Script 2025-04-20 3.5 LOW 4.8 MEDIUM
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.
CVE-2017-1002011 1 Anblik 1 Image-gallery-with-slideshow 2025-04-20 3.5 LOW 5.4 MEDIUM
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database.
CVE-2016-5897 1 Ibm 1 Jazz Reporting Service 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2015-3162 1 Beaker-project 1 Beaker 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.
CVE-2017-11820 1 Microsoft 1 Sharepoint Enterprise Server 2025-04-20 3.5 LOW 5.4 MEDIUM
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777.
CVE-2017-9306 1 Syspass 1 Syspass 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
CVE-2017-8439 1 Elastic 1 Kibana 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users.
CVE-2017-5945 1 Poodll 1 Moodle-filter Poodll 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-6539 1 Webpagetest Project 1 Webpagetest 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/delta.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-7250 1 Gazelle Project 1 Gazelle 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoin_balance.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2017-1000063 1 Kitto Project 1 Kitto 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure
CVE-2017-6807 1 Uninett 1 Mod Auth Mellon 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
CVE-2016-10515 1 Redmine 1 Redmine 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
CVE-2017-9547 1 Bigtreecms 1 Bigtree Cms 2025-04-20 3.5 LOW 5.4 MEDIUM
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change).
CVE-2017-12345 1 Cisco 1 Data Center Network Manager 2025-04-20 4.3 MEDIUM 4.7 MEDIUM
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.
CVE-2017-12777 1 Nexusphp Project 1 Nexusphp 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
CVE-2017-8005 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2025-04-20 3.5 LOW 5.4 MEDIUM
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.
CVE-2017-1600 1 Ibm 1 Security Guardium 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613.
CVE-2017-6905 1 Concrete5 1 Concrete5 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.