Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4522 | 1 Advantech | 1 Advantech Webaccess | 2018-01-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2011-4523 | 1 Advantech | 1 Advantech Webaccess | 2018-01-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2017-15312 | 1 Huawei | 1 Smartcare | 2018-01-04 | 3.5 LOW | 5.4 MEDIUM |
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device. | |||||
CVE-2017-17737 | 1 Brightsign | 2 4k242, 4k242 Firmware | 2018-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. | |||||
CVE-2017-17792 | 1 Blogotext Project | 1 Blogotext | 2018-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. | |||||
CVE-2017-14134 | 1 Maplesoft | 1 Maple T.a. | 2018-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688. | |||||
CVE-2017-17714 | 1 Boxug | 1 Trape | 2018-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | |||||
CVE-2012-2269 | 1 Owncloud | 1 Owncloud | 2018-01-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php. | |||||
CVE-2017-1600 | 1 Ibm | 1 Security Guardium | 2018-01-03 | 3.5 LOW | 5.4 MEDIUM |
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613. | |||||
CVE-2017-17825 | 1 Piwigo | 1 Piwigo | 2018-01-03 | 3.5 LOW | 4.8 MEDIUM |
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it. | |||||
CVE-2017-17826 | 1 Piwigo | 1 Piwigo | 2018-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it. | |||||
CVE-2017-17778 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2018-01-03 | 3.5 LOW | 4.8 MEDIUM |
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter. | |||||
CVE-2017-6486 | 1 Reasoncms | 1 Reasoncms | 2018-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-master/www/nyroModal/demoSent.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2014-0330 | 1 Dell | 2 Kace K1000 Systems Management Appliance, Kace K1000 Systems Management Appliance Software | 2018-01-02 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter. | |||||
CVE-2014-0680 | 1 Cisco | 1 Identity Services Engine | 2018-01-02 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038. | |||||
CVE-2014-0681 | 1 Cisco | 1 Identity Services Engine Software | 2018-01-02 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064. | |||||
CVE-2017-16950 | 1 Urbackup | 1 Urbackup Server | 2018-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
CVE-2017-16723 | 1 Phoenixcontact | 26 Fl Com Server Rs232, Fl Com Server Rs232 Firmware, Fl Com Server Rs485 and 23 more | 2018-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution. | |||||
CVE-2017-7554 | 1 Redhat | 1 Mobile Application Platform | 2017-12-30 | 4.3 MEDIUM | 6.1 MEDIUM |
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio. | |||||
CVE-2017-14510 | 1 Sugarcrm | 1 Sugarcrm | 2017-12-29 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by properly validating the redirect URL values being passed along. |