Total
42050 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7871 | 1 Tdm Project | 1 Tdm | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter). | |||||
| CVE-2017-8125 | 1 Huawei | 1 Uma | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | |||||
| CVE-2017-7855 | 1 Icewarp | 1 Server | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. | |||||
| CVE-2017-14718 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | |||||
| CVE-2016-5980 | 1 Ibm | 1 Tririga Application Platform | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1335 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243. | |||||
| CVE-2016-9986 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552. | |||||
| CVE-2015-5057 | 1 Broken Link Checker Project | 1 Broken Link Checker | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | |||||
| CVE-2016-9000 | 1 Ibm | 2 Infosphere Datastage, Infosphere Information Server On Cloud | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. | |||||
| CVE-2017-5008 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2017-15294 | 1 Sap | 1 Customer Relationship Management | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. | |||||
| CVE-2016-8943 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2017-1305 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459. | |||||
| CVE-2017-12583 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php. | |||||
| CVE-2017-14510 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along. | |||||
| CVE-2017-12131 | 1 Goldplugins | 1 Easy Testimonials | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens. | |||||
| CVE-2017-12927 | 1 Cacti | 1 Cacti | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | |||||
| CVE-2016-7469 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. | |||||
| CVE-2017-1320 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732. | |||||
| CVE-2017-11181 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. | |||||