Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1365 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126858. | |||||
CVE-2017-1000462 | 1 Bookstackapp | 1 Bookstack | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
BookStack version 0.18.4 is vulnerable to stored cross-site scripting within the page creation page, which can result in disruption of service and execution of JavaScript code. | |||||
CVE-2017-1000482 | 1 Plone | 1 Plone | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
A member of a Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page. | |||||
CVE-2017-1000495 | 1 Quickappscms | 1 Quickapps Cms | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
QuickApps CMS version 2.0.0 is vulnerable to stored cross-site scripting in the user's real name field, resulting in denial of service and performing unauthorised actions with an administrator user's account. | |||||
CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting within the blog creation page, which can result in disruption of service and execution of JavaScript code. | |||||
CVE-2017-1000478 | 1 Elabftw | 1 Elabftw | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. | |||||
CVE-2018-5249 | 1 Shaarli Project | 1 Shaarli | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). | |||||
CVE-2018-5077 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter. | |||||
CVE-2018-5076 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter. | |||||
CVE-2018-5078 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. | |||||
CVE-2017-1000491 | 1 Shiba Project | 1 Shiba | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. | |||||
CVE-2017-1000466 | 1 Invoiceninja | 1 Invoice Ninja | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting within the invoice creation page, which can result in disruption of service and execution of JavaScript code. | |||||
CVE-2017-18006 | 1 Extensis | 1 Portfolio Netpublish | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. | |||||
CVE-2018-5072 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. | |||||
CVE-2018-5074 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. | |||||
CVE-2017-1673 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640. | |||||
CVE-2018-5215 | 1 Fork-cms | 1 Fork Cms | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | |||||
CVE-2018-5216 | 1 Radiantcms | 1 Radiant Cms | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. | |||||
CVE-2018-5212 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. | |||||
CVE-2018-5213 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. |