Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17868 | 1 Liferay | 1 Liferay Portal | 2018-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | |||||
| CVE-2017-17907 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. | |||||
| CVE-2017-17896 | 1 Basic Job Site Script Project | 1 Basic Job Site Script | 2018-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Readymade Job Site Script has XSS via the keyword parameter to the /job URI. | |||||
| CVE-2017-17994 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | |||||
| CVE-2017-17995 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | |||||
| CVE-2017-17993 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | |||||
| CVE-2017-17991 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | |||||
| CVE-2017-17989 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | |||||
| CVE-2017-17744 | 1 Webdesi9 | 1 Custom Map | 2018-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php. | |||||
| CVE-2017-17719 | 1 Olyos | 1 Wp-concours | 2018-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php. | |||||
| CVE-2017-17752 | 1 Codecrafters | 1 Ability Mail Server | 2018-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4. | |||||
| CVE-2011-4541 | 1 Hastymail | 1 Hastymail2 | 2018-01-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action. | |||||
| CVE-2012-1512 | 1 Vmware | 1 Vsphere | 2018-01-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry. | |||||
| CVE-2012-0225 | 1 Invensys | 1 Wonderware Information Server | 2018-01-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4540 | 1 Atmail | 1 Atmail Open | 2018-01-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php. | |||||
| CVE-2017-1751 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2018-01-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546. | |||||
| CVE-2011-4955 | 1 Bsuite Project | 1 Bsuite | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php. | |||||
| CVE-2017-17745 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2018-01-05 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. | |||||
| CVE-2017-17775 | 1 Piwigo | 1 Piwigo | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. | |||||
| CVE-2017-17753 | 1 Csv-import-export Project | 1 Csv-import-export | 2018-01-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php. | |||||