Total
42037 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1530 | 1 Ibm | 1 Business Process Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409. | |||||
| CVE-2015-8354 | 1 Ultimatemember | 1 Ultimate Member | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. | |||||
| CVE-2017-1000033 | 1 Vospari Forms Project | 1 Vospari Forms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user. | |||||
| CVE-2017-1500 | 1 Ibm | 2 Mobilefirst Platform Foundation, Worklight | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response and the value will be reflected in the body of the HTTP response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session. | |||||
| CVE-2017-6818 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. | |||||
| CVE-2017-14995 | 1 Wso2 | 8 Application Server, Business Process Server, Business Rules Server and 5 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS. | |||||
| CVE-2017-17925 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | |||||
| CVE-2014-2045 | 1 Viprinet | 2 Multichannel Vpn Router 300, Multichannel Vpn Router 300 Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. | |||||
| CVE-2016-2803 | 1 Mozilla | 1 Bugzilla | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2016-9910 | 1 Html5lib | 1 Html5lib | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909. | |||||
| CVE-2014-9905 | 1 Alinto | 1 Sogo | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields. | |||||
| CVE-2017-8892 | 1 Opentext | 1 Tempo Box | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | |||||
| CVE-2015-9102 | 1 Synology | 1 Photo Station | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. | |||||
| CVE-2017-14735 | 1 Antisamy Project | 1 Antisamy | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. | |||||
| CVE-2016-6201 | 1 Ektron | 1 Ektron Content Management System | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx. | |||||
| CVE-2015-5532 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php. | |||||
| CVE-2017-1546 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915. | |||||
| CVE-2017-14516 | 1 Sap | 1 Businessobjects Financial Consolidation | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | |||||
| CVE-2015-8687 | 1 Alcatel-lucent | 1 Motive Home Device Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do. | |||||
| CVE-2017-1447 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172. | |||||