Total
42056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6395 | 1 Hashover Project | 1 Hashover | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-11507 | 1 Check Mk Project | 1 Check Mk | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page. | |||||
| CVE-2017-5516 | 1 Metalgenix | 1 Genixcms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. | |||||
| CVE-2017-2274 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2172 | 1 Cybozu | 1 Kunai | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2687 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link. | |||||
| CVE-2016-4855 | 1 Adodb Project | 1 Adodb | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-1536 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733. | |||||
| CVE-2017-5256 | 1 Cambiumnetworks | 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection. | |||||
| CVE-2016-2975 | 1 Ibm | 1 Sametime | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935. | |||||
| CVE-2017-12813 | 1 Stivasoft | 1 Phpjabbers File Sharing Script | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | |||||
| CVE-2016-7810 | 1 Corega | 2 Cg-wlr300nx, Cg-wlr300nx Firmware | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7241 | 1 Mantisbt | 1 Mantisbt | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page. | |||||
| CVE-2017-1593 | 1 Ibm | 1 Rational Doors Next Generation | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494. | |||||
| CVE-2017-1100 | 1 Ibm | 1 Rational Quality Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661. | |||||
| CVE-2017-15648 | 1 Phpsugar | 1 Php Melody | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. | |||||
| CVE-2016-10203 | 1 Zoneminder | 1 Zoneminder | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. | |||||
| CVE-2017-9555 | 1 Synology | 1 Photo Station | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | |||||
| CVE-2016-0265 | 1 Ibm | 1 Campaign | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2012-4569 | 1 Letodms Project | 1 Letodms | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||