Total: 41631 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000491 | 1 Shiba Project | 1 Shiba | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. | |||||
| CVE-2017-1000488 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. | |||||
| CVE-2017-1000482 | 1 Plone | 1 Plone | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A member of the Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page. | |||||
| CVE-2017-1000478 | 1 Elabftw | 1 Elabftw | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. | |||||
| CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000466 | 1 Invoiceninja | 1 Invoice Ninja | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000465 | 1 Sulu | 1 Sulu-standard | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000463 | 1 Leafpub | 1 Leafpub | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000462 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000459 | 1 Leanote | 1 Leanote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote version <= 2.5 is vulnerable to XSS due to unsanitized input in markdown notes. | |||||
| CVE-2017-1000457 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role. | |||||
| CVE-2017-1000443 | 1 Openhacker Project | 1 Openhacker | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Eleix Openhacker version 0.1.47 is vulnerable to an XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser. | |||||
| CVE-2017-1000442 | 1 Passbolt | 1 Passbolt Api | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Passbolt API version 1.6.4 and older are vulnerable to an XSS in the url field on the password workspace. | |||||
| CVE-2017-1000431 | 1 Ez | 1 Ez Publish | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials. | |||||
| CVE-2017-1000429 | 1 Finecms Project | 1 Finecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php. | |||||
| CVE-2017-1000428 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. | |||||
| CVE-2017-1000427 | 1 Marked Project | 1 Marked | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. | |||||
| CVE-2017-1000426 | 1 Omniscale | 1 Mapproxy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure. | |||||
| CVE-2017-1000425 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter. | |||||
| CVE-2017-1000404 | 1 Jenkins | 1 Delivery Pipeline | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. | |||||
