Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1791 | 1 Ibm | 1 Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137036. | |||||
CVE-2017-1294 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155. | |||||
CVE-2017-16767 | 1 Synology | 1 Surveillance Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. | |||||
CVE-2017-16771 | 1 Synology | 1 Photo Station | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
CVE-2017-16774 | 1 Synology | 1 Diskstation Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | |||||
CVE-2017-16721 | 1 Geovap | 1 Reliance-scada | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code. | |||||
CVE-2017-16006 | 1 Remarkable Project | 1 Remarkable | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript. | |||||
CVE-2017-14799 | 1 Netiq | 1 Access Manager | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting attack in the handling of the ESP login parameter in NetIQ Access Manager before 4.3.3 could be used to inject JavaScript code into the login page. | |||||
CVE-2017-15892 | 1 Synology | 1 Chat | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | |||||
CVE-2017-15890 | 1 Synology | 1 Mailplus Server | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | |||||
CVE-2017-16019 | 1 Gitbook | 1 Gitbook | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader. | |||||
CVE-2017-16017 | 1 Punkave | 1 Sanitize-html | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
sanitize-html is a library for scrubbing HTML input for malicious values. Versions 1.2.2 and below have a cross-site scripting vulnerability. | |||||
CVE-2017-16015 | 1 Forms Project | 1 Forms | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper HTML escaping. This means that if the application did not sanitize HTML on behalf of forms, use of forms may be vulnerable to cross-site scripting. | |||||
CVE-2017-16016 | 1 Punkave | 1 Sanitize-html | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Sanitize-html is a library for scrubbing HTML input of malicious values. Versions 1.11.1 and below are vulnerable to cross-site scripting (XSS) in certain scenarios: if at least one of the nonTextTags is allowed, the result is a potential XSS vulnerability. | |||||
CVE-2017-16008 | 1 I18next | 1 I18next | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2. | |||||
CVE-2017-16010 | 1 I18next | 1 I18next | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later. | |||||
CVE-2017-16009 | 2 Ag-grid, Angularjs | 2 Ag-grid, Angularjs | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid. | |||||
CVE-2017-15092 | 1 Powerdns | 1 Recursor | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content. | |||||
CVE-2017-15888 | 1 Synology | 1 Audio Station | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. | |||||
CVE-2017-16018 | 1 Restify | 1 Restify | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Restify is a framework for building REST APIs. In Restify >=2.0.0 <=4.0.4, by using URL-encoded script tags in a non-existent URL, an attacker can get script to run in some browsers. |