Total
38104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3153 | 1 Apache | 1 Atlas | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. | |||||
| CVE-2016-7138 | 1 Plone | 1 Plone | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-2710 | 1 Oliver Project | 1 Oliver | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php). | |||||
| CVE-2017-9622 | 1 Epesi | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. | |||||
| CVE-2017-0107 | 1 Microsoft | 1 Sharepoint Foundation | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability." | |||||
| CVE-2015-6959 | 1 Vindula | 1 Vindula | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Vindula 1.9. | |||||
| CVE-2016-5055 | 1 Osram | 1 Lightify Pro | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. | |||||
| CVE-2017-1359 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126686. | |||||
| CVE-2017-11611 | 1 Wolfcms | 1 Wolf Cms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI). | |||||
| CVE-2017-13986 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | |||||
| CVE-2017-9781 | 1 Check Mk Project | 1 Check Mk | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html. | |||||
| CVE-2017-12358 | 1 Cisco | 1 Jabber | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088. | |||||
| CVE-2017-17991 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | |||||
| CVE-2017-17954 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | |||||
| CVE-2017-15188 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. | |||||
| CVE-2016-1179 | 1 Appleple | 1 A-blog Cms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2017-17949 | 1 Cells | 1 Blog | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. | |||||
| CVE-2016-7762 | 1 Apple | 1 Iphone Os | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. | |||||
| CVE-2017-5004 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | |||||
| CVE-2016-9259 | 1 Tenable | 1 Nessus | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||