Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5071 | 1 Cobham | 2 Sea Tel 116, Sea Tel 116 Firmware | 2018-02-02 | 3.5 LOW | 5.4 MEDIUM |
| Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP. | |||||
| CVE-2017-16514 | 1 Websitebaker | 1 Websitebaker | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application. | |||||
| CVE-2017-1000465 | 1 Sulu | 1 Sulu-standard | 2018-02-01 | 3.5 LOW | 5.4 MEDIUM |
| Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-18024 | 1 Avantfax | 1 Avantfax | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. | |||||
| CVE-2017-7998 | 1 Gespage | 1 Gespage | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp. | |||||
| CVE-2015-7485 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2018-02-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108626. | |||||
| CVE-2017-18023 | 1 Officetracker | 1 Officetracker | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI. | |||||
| CVE-2017-14096 | 1 Trendmicro | 1 Smart Protection Server | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. | |||||
| CVE-2015-7486 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2018-02-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108633. | |||||
| CVE-2015-7474 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2018-02-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501. | |||||
| CVE-2018-5776 | 1 Wordpress | 1 Wordpress | 2018-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). | |||||
| CVE-2017-16864 | 1 Atlassian | 1 Jira | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. | |||||
| CVE-2018-5692 | 1 Piwigo | 1 Piwigo | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. | |||||
| CVE-2018-5689 | 1 Dotclear | 1 Dotclear | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email. | |||||
| CVE-2018-5690 | 1 Dotclear | 1 Dotclear | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number). | |||||
| CVE-2017-1739 | 1 Ibm | 1 Curam Social Program Management | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921. | |||||
| CVE-2017-1740 | 1 Ibm | 1 Curam Social Program Management | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922. | |||||
| CVE-2018-5681 | 1 Prestashop | 1 Prestashop | 2018-01-31 | 3.5 LOW | 5.4 MEDIUM |
| PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. | |||||
| CVE-2018-5316 | 1 Patsatech | 1 Sagepay Server Gateway For Woocommerce | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. | |||||
| CVE-2012-6682 | 1 Dragonbyte-tech | 1 Vbdownloads Module | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter. | |||||