Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6189 | 1 F-secure | 1 Radar | 2018-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue. | |||||
CVE-2018-4876 | 1 Adobe | 1 Experience Manager | 2018-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function. | |||||
CVE-2018-0864 | 1 Microsoft | 1 Sharepoint Server | 2018-03-14 | 3.5 LOW | 5.4 MEDIUM |
SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability". | |||||
CVE-2016-7394 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2018-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Tiki Wiki CMS Groupware <=15.2 has an XSS vulnerability that allows attackers to steal a user's cookie. | |||||
CVE-2018-6936 | 1 D-link | 2 Dir-600m C1, Dir-600m C1 Firmware | 2018-03-13 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. | |||||
CVE-2018-7303 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2018-03-13 | 3.5 LOW | 5.4 MEDIUM |
The Calendar component in Tiki 17.1 allows HTML injection. | |||||
CVE-2018-7188 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2018-03-13 | 3.5 LOW | 5.4 MEDIUM |
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. | |||||
CVE-2017-8993 | 1 Microfocus | 1 Project And Portfolio Management | 2018-03-12 | 3.5 LOW | 5.4 MEDIUM |
A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. | |||||
CVE-2014-5024 | 1 Sonicwall | 3 Analyzer, Global Management System, Uma Em5000 | 2018-03-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. | |||||
CVE-2014-0332 | 1 Sonicwall | 3 Analyzer, Global Management System, Uma E5000 | 2018-03-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action. | |||||
CVE-2013-7025 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma E5000 and 1 more | 2018-03-12 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. | |||||
CVE-2017-5800 | 1 Hp | 1 Operations Bridge Analytics | 2018-03-12 | 3.5 LOW | 5.4 MEDIUM |
A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found. | |||||
CVE-2018-7057 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2018-03-12 | 4.3 MEDIUM | 6.1 MEDIUM |
RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter. | |||||
CVE-2017-1682 | 1 Ibm | 1 Connections | 2018-03-12 | 3.5 LOW | 5.4 MEDIUM |
IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004. | |||||
CVE-2017-1462 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2018-03-12 | 3.5 LOW | 5.4 MEDIUM |
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128461. | |||||
CVE-2018-7302 | 1 Tiki | 1 Tiki | 2018-03-12 | 3.5 LOW | 5.4 MEDIUM |
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS. | |||||
CVE-2017-18093 | 1 Atlassian | 2 Crucible, Fisheye | 2018-03-12 | 3.5 LOW | 4.8 MEDIUM |
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository. | |||||
CVE-2017-18092 | 1 Atlassian | 1 Crucible | 2018-03-12 | 3.5 LOW | 5.4 MEDIUM |
The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet. | |||||
CVE-2018-0513 | 1 Mtssb.mt-systems | 1 Simple Booking | 2018-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-16755 | 1 Userscape | 1 Helpspot | 2018-03-09 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when the return link is clicked. |