Total
37549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6283 | 1 Atlassian | 1 Confluence | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. | |||||
| CVE-2017-16962 | 1 Communigate | 1 Communigate Pro | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component. | |||||
| CVE-2017-7387 | 1 Helpmewatchwho Project | 1 Helpmewatchwho | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). | |||||
| CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | |||||
| CVE-2017-14193 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | |||||
| CVE-2017-15569 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. | |||||
| CVE-2015-4707 | 1 Ipython | 1 Ipython | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. | |||||
| CVE-2016-9119 | 3 Canonical, Debian, Moinmo | 3 Ubuntu Linux, Debian Linux, Moinmoin | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-9409 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs. | |||||
| CVE-2016-0305 | 1 Ibm | 1 Connections | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2016-3113 | 1 Redhat | 1 Ovirt-engine | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2017-7386 | 1 Symetrie Project | 1 Symetrie | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie-master/app/commands/page.php (model parameter). | |||||
| CVE-2017-10837 | 1 Backup-guard | 1 Backup Guard | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-1000015 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters | |||||
| CVE-2017-14379 | 1 Emc | 1 Rsa Authentication Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-8011 | 1 Intel Security Mcafee | 1 Endpoint Security Web Control | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site. | |||||
| CVE-2017-3557 | 1 Oracle | 1 One-to-one Fulfillment | 2025-04-20 | 7.8 HIGH | 7.1 HIGH |
| Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2017-1000054 | 1 Rocketchat | 1 Rocket.chat | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. | |||||
| CVE-2017-14651 | 1 Wso2 | 17 Api Manager, App Manager, Application Server and 14 more | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | |||||
| CVE-2017-8801 | 1 Trendmicro | 1 Officescan | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. | |||||