Total
42043 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15809 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. | |||||
| CVE-2017-16906 | 1 Horde | 1 Groupware | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | |||||
| CVE-2016-8748 | 1 Apache | 1 Nifi | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM. | |||||
| CVE-2017-5942 | 1 Wp Mail Project | 1 Wp Mail | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail. | |||||
| CVE-2017-14588 | 1 Atlassian | 2 Crucible, Fisheye | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. | |||||
| CVE-2017-7590 | 1 Openidm Project | 1 Openidm | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. | |||||
| CVE-2017-7621 | 1 Auromeera | 1 Emli | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. | |||||
| CVE-2017-14197 | 1 Squiz | 1 Matrix | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins. | |||||
| CVE-2017-1461 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460. | |||||
| CVE-2017-1002017 | 1 Bobcares | 1 Gift-certificate-creator | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. | |||||
| CVE-2017-9508 | 1 Atlassian | 2 Crucible, Fisheye | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file. | |||||
| CVE-2017-1000063 | 1 Kitto Project | 1 Kitto | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | |||||
| CVE-2017-3129 | 1 Fortinet | 1 Fortiweb | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. | |||||
| CVE-2014-5144 | 1 Telescopeapp | 1 Telescope | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown. | |||||
| CVE-2017-8897 | 1 Invisioncommunity | 1 Invision Power Board | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. | |||||
| CVE-2017-3933 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack. | |||||
| CVE-2016-5761 | 1 Novell | 1 Groupwise | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. | |||||
| CVE-2015-6502 | 1 Puppet | 1 Puppet Enterprise | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect. | |||||
| CVE-2017-14921 | 1 Tine20 | 1 Tine 2.0 | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
| CVE-2017-9516 | 1 Craftcms | 1 Craft Cms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. | |||||