Total
41631 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12614 | 1 Apache | 1 Airflow | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above. | |||||
| CVE-2017-12590 | 1 Asus | 2 Rt-n14uhp, Rt-n14uhp Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter. | |||||
| CVE-2017-12544 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2017-12307 | 1 Cisco | 170 Esw2-350g-52, Esw2-350g-52 Firmware, Esw2-350g-52dc and 167 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting and injecting code into a user request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches, Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvg24637. | |||||
| CVE-2017-12175 | 1 Redhat | 1 Satellite | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality. | |||||
| CVE-2017-12098 | 1 Rails Admin Project | 1 Rails Admin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | |||||
| CVE-2017-12097 | 1 Delayed Job Web Project | 1 Delayed Job Web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | |||||
| CVE-2017-11739 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS. | |||||
| CVE-2017-11650 | 1 Draytek | 2 Vigorap 910c, Vigorap 910c Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp. | |||||
| CVE-2017-11560 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application. | |||||
| CVE-2017-11175 | 1 Siemens | 1 Fin Stack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login. | |||||
| CVE-2017-1002201 | 2 Debian, Haml | 2 Debian Linux, Haml | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code. | |||||
| CVE-2017-1002152 | 1 Redhat | 1 Bodhi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. | |||||
| CVE-2017-1000510 | 1 Croogo | 1 Croogo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code. | |||||
| CVE-2017-1000509 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. | |||||
| CVE-2017-1000508 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later. | |||||
| CVE-2017-1000507 | 1 Cnvs | 1 Canvas | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of javascript code. | |||||
| CVE-2017-1000506 | 1 Mautic | 1 Mautic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code. | |||||
| CVE-2017-1000495 | 1 Quickappscms | 1 Quickapps Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account | |||||
| CVE-2017-1000492 | 1 Leanote | 1 Desktop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration | |||||