Total
37820 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5191 | 1 Netiq | 1 Access Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | |||||
| CVE-2017-1354 | 1 Ibm | 1 Atlas Ediscovery Process Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681. | |||||
| CVE-2016-8922 | 1 Ibm | 2 Web Content Manager Production Analytics, Websphere Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1000160 | 1 Expressionengine | 1 Expressionengine | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection | |||||
| CVE-2017-12347 | 1 Cisco | 1 Data Center Network Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247. | |||||
| CVE-2017-8052 | 1 Craftcms | 1 Craft Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 2.6.2974 allows XSS attacks. | |||||
| CVE-2016-6037 | 1 Ibm | 2 Rational Quality Manager, Rational Team Concert | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918. | |||||
| CVE-2015-0101 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5. | |||||
| CVE-2017-1502 | 1 Ibm | 1 Content Navigator | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577. | |||||
| CVE-2017-12066 | 1 Cacti | 1 Cacti | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163. | |||||
| CVE-2017-9243 | 1 Aries Networks | 2 Qwr-1104 Wireless-n Router, Qwr-1104 Wireless-n Router Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. | |||||
| CVE-2017-12906 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. | |||||
| CVE-2017-1000227 | 1 Parallelus | 1 Salutation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can | |||||
| CVE-2016-9747 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-16815 | 1 Snapcreek | 1 Duplicator | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly. | |||||
| CVE-2017-12648 | 1 Liferay | 1 Liferay Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. | |||||
| CVE-2017-3874 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2). | |||||
| CVE-2017-6908 | 1 Concrete5 | 1 Concrete5 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-9406 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-13671 | 1 Misp | 1 Misp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. | |||||