Total
37538 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16904 | 1 Lvyecms Project | 1 Lvyecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator. | |||||
| CVE-2015-8684 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality. | |||||
| CVE-2016-9988 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554. | |||||
| CVE-2017-17043 | 1 Zitec | 1 Emag Marketplace Connector | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. | |||||
| CVE-2017-9674 | 1 Simplece | 1 Simplece | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. | |||||
| CVE-2016-8943 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-5737 | 1 Openstack | 1 Puppet-gerrit | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review. | |||||
| CVE-2017-15278 | 1 Teampass | 1 Teampass | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-11677 | 1 Hashtopus Project | 1 Hashtopus | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php. | |||||
| CVE-2016-6032 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-5616 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. | |||||
| CVE-2016-10704 | 1 Magento | 1 Magento | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | |||||
| CVE-2017-7362 | 1 Lucidcrew | 1 Pixie | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | |||||
| CVE-2017-0107 | 1 Microsoft | 1 Sharepoint Foundation | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability." | |||||
| CVE-2017-6489 | 1 Epesi | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-14370 | 1 Rsa | 1 Archer Grc Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | |||||
| CVE-2015-7668 | 1 Easy2map | 1 Easy2map | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter. | |||||
| CVE-2017-1500 | 1 Ibm | 2 Mobilefirst Platform Foundation, Worklight | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response and the value will be reflected in the body of the HTTP response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session. | |||||
| CVE-2017-4926 | 1 Vmware | 1 Vcenter Server | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page. | |||||
| CVE-2017-8920 | 1 Cgiirc | 1 Cgi\ | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. | |||||