Total
36870 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20158 | 1 Yii2 Fileapi Widget Project | 1 Yii2 Fileapi Widget | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The identifier of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2017-20155 | 1 Sterc | 1 Google Analytics Dashboard For Modx | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl of the component Internal Search. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.6 is able to address this issue. The identifier of the patch is 855d9560d3782c105568eedf9b22a769fbf29cc0. It is recommended to upgrade the affected component. The identifier VDB-217069 was assigned to this vulnerability. | |||||
| CVE-2017-20153 | 1 Imageserve Project | 1 Imageserve | 2024-11-21 | 2.1 LOW | 2.6 LOW |
| A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability. | |||||
| CVE-2017-20122 | 1 Bitrix24 | 1 Bitrix Site Manager | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20118 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20117 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20116 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20115 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20114 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20113 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20108 | 1 Easy Table Project | 1 Easy Table | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely. | |||||
| CVE-2017-20100 | 1 Air Transfer Project | 1 Air Transfer | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
| A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20098 | 1 Weblizar | 1 Admin Custom Login | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. | |||||
| CVE-2017-20097 | 1 Wp-filebase Download Manager Project | 1 Wp-filebase Download Manager | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
| A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | |||||
| CVE-2017-20096 | 1 Wp-spamfree Anti-spam Project | 1 Wp-spamfree Anti-spam | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. | |||||
| CVE-2017-20094 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20092 | 1 Yoast | 1 Google Analytics Dashboard | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. | |||||
| CVE-2017-20089 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
| A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. | |||||
| CVE-2017-20087 | 1 Thealpinepress | 1 Alpine-photo-tile-for-instagram | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | |||||
| CVE-2017-20085 | 1 Bytesforall | 1 Atahualpa | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. | |||||