Total: 21765 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16801 | 1 Octopus | 1 Octopus Deploy | 2017-12-01 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter. | |||||
CVE-2017-1000225 | 1 Relevanssi | 1 Relevanssi | 2017-12-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can. | |||||
CVE-2017-1000223 | 1 Modx | 1 Modx Revolution | 2017-12-01 | 3.5 LOW | 5.4 MEDIUM |
A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS. | |||||
CVE-2017-16880 | 1 Whoops Project | 1 Whoops | 2017-12-01 | 4.3 MEDIUM | 6.1 MEDIUM |
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS. | |||||
CVE-2012-3999 | 1 Sayakbanerjee | 1 Sticky Notes | 2017-11-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
CVE-2017-16815 | 1 Snapcreek | 1 Duplicator | 2017-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly. | |||||
CVE-2017-12738 | 1 Siemens | 2 Sm-2556, Sm-2556 Firmware | 2017-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link. | |||||
CVE-2017-1000240 | 1 Open-emr | 1 Openemr | 2017-11-30 | 3.5 LOW | 5.4 MEDIUM |
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. | |||||
CVE-2017-16810 | 1 Octopus | 1 Octopus Deploy | 2017-11-30 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter. | |||||
CVE-2017-9085 | 1 Kodak | 1 Insite | 2017-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp. | |||||
CVE-2015-8793 | 1 Roundcube | 1 Webmail | 2017-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937. | |||||
CVE-2005-2981 | 1 Orionserver | 1 Orion Application Server | 2017-11-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | |||||
CVE-2017-1000188 | 1 Ejs | 1 Ejs | 2017-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
nodejs ejs version older than 2.5.5 is vulnerable to cross-site scripting in ejs.renderFile(), resulting in code injection. | |||||
CVE-2012-4496 | 2 Drupal, Inclind | 2 Drupal, Custom Pub | 2017-11-29 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter. | |||||
CVE-2017-1000213 | 1 Wbce | 1 Wbce Cms | 2017-11-29 | 3.5 LOW | 4.8 MEDIUM |
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | |||||
CVE-2017-1000236 | 1 I-librarian | 1 I Librarian | 2017-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site. | |||||
CVE-2017-1000164 | 1 Tine20 | 1 Tine 2.0 | 2017-11-29 | 3.5 LOW | 5.4 MEDIUM |
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook, resulting in code execution and privilege escalation. | |||||
CVE-2017-1000239 | 1 Invoiceplane | 1 Invoiceplane | 2017-11-29 | 3.5 LOW | 5.4 MEDIUM |
InvoicePlane version 1.4.10 is vulnerable to stored cross-site scripting, allowing an authenticated user to inject malicious client-side script that will be executed in the browser of users if they visit the manipulated site. | |||||
CVE-2017-16782 | 1 Home-assistant | 1 Home-assistant | 2017-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. | |||||
CVE-2017-7739 | 1 Fortinet | 1 Fortios | 2017-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. |