Total: 42040 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11289 | 1 Adobe | 1 Connect | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||||
| CVE-2014-8753 | 1 Cit-e-net | 1 Cit-e-access | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6. | |||||
| CVE-2015-2883 | 1 Philips | 1 In.sight B120/37 | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | |||||
| CVE-2016-3049 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712. | |||||
| CVE-2016-7841 | 1 Olive Design | 1 Olive Diary Dx | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2017-5241 | 1 Biscom | 1 Secure File Transfer | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Biscom Secure File Transfer versions 5.0.0.0 through 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025. | |||||
| CVE-2017-9979 | 1 Osnexus | 1 Quantastor | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS. | |||||
| CVE-2016-7840 | 1 Olive Design | 1 Olive Blog | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. | |||||
| CVE-2016-6056 | 1 Ibm | 1 Call Center For Commerce | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000442. | |||||
| CVE-2016-4880 | 1 Basercms | 1 Basercms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-5962 | 1 Netresearch | 1 Contexts Wurfl | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "force_ua" HTTP GET parameter passed to the "/contexts_wurfl/Library/wurfl-dbapi-1.4.4.0/check_wurfl.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-2256 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". | |||||
| CVE-2016-5205 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2015-8815 | 1 Umbraco | 1 Umbraco | 2025-04-20 | 5.0 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. | |||||
| CVE-2017-6392 | 1 Kaltura | 1 Kaltura Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-6114 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352. | |||||
| CVE-2017-5045 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page. | |||||
| CVE-2017-11128 | 1 Boltcms | 1 Bolt | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. | |||||
| CVE-2017-5164 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session (CROSS-SITE SCRIPTING). | |||||
| CVE-2017-11516 | 1 Yiiframework | 1 Yii | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. | |||||
