Total
37537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7089 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. | |||||
| CVE-2015-7879 | 1 Stickynote Project | 1 Stickynote | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. | |||||
| CVE-2017-8127 | 1 Huawei | 1 Uma | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | |||||
| CVE-2017-14615 | 1 Watchguard | 1 Fireware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted. | |||||
| CVE-2016-6209 | 1 Nagios | 1 Nagios | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Nagios. | |||||
| CVE-2017-7992 | 1 Heartland Payment Systems | 1 Heartland-php | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter. | |||||
| CVE-2017-15687 | 1 Logitech | 1 Media Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. | |||||
| CVE-2017-9548 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change). | |||||
| CVE-2016-8946 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833. | |||||
| CVE-2015-6588 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | |||||
| CVE-2017-3129 | 1 Fortinet | 1 Fortiweb | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. | |||||
| CVE-2017-6003 | 1 Dotcms | 1 Dotcms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | |||||
| CVE-2017-6029 | 1 Certec Edv Gmbh | 1 Atvise Scada | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. | |||||
| CVE-2016-9737 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200. | |||||
| CVE-2017-7298 | 1 Moodle | 1 Moodle | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | |||||
| CVE-2017-4940 | 1 Vmware | 1 Esxi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client. | |||||
| CVE-2017-1485 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623. | |||||
| CVE-2017-10967 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters. | |||||
| CVE-2017-17714 | 1 Boxug | 1 Trape | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | |||||
| CVE-2017-13778 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | |||||