Total: 42042 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17383 | 1 Jenkins | 1 Jenkins | 2025-04-20 | 3.5 LOW | 4.7 MEDIUM |
| Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. | |||||
| CVE-2015-6748 | 2 Debian, Jsoup | 2 Debian Linux, Jsoup | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | |||||
| CVE-2017-6675 | 1 Cisco | 1 Industrial Network Director | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). | |||||
| CVE-2017-5961 | 1 Ionizecms | 1 Ionize | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6734 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800). | |||||
| CVE-2016-8927 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118540. | |||||
| CVE-2017-14957 | 1 Blogotext Project | 1 Blogotext | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog. | |||||
| CVE-2017-3161 | 1 Apache | 1 Hadoop | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. | |||||
| CVE-2016-6030 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-14751 | 1 Intensewp | 1 Wp Jobs | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | |||||
| CVE-2017-11201 | 1 Finecms Project | 1 Finecms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action. | |||||
| CVE-2017-17745 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary JavaScript via the 'sysName' parameter. | |||||
| CVE-2016-10516 | 1 Palletsprojects | 1 Werkzeug | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message. | |||||
| CVE-2017-2146 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. | |||||
| CVE-2016-9473 | 1 Brave | 1 Browser | 2025-04-20 | 4.3 MEDIUM | 4.7 MEDIUM |
| Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. | |||||
| CVE-2017-5875 | 1 Dotcms | 1 Dotcms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | |||||
| CVE-2016-8968 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515. | |||||
| CVE-2017-11686 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. | |||||
| CVE-2017-10701 | 1 Sap | 1 Enterprise Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | |||||
| CVE-2016-6348 | 1 Redhat | 1 Resteasy | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. | |||||
