Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16635 | 1 Tinywebgallery | 1 Tinywebgallery | 2017-11-29 | 3.5 LOW | 5.4 MEDIUM |
| In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create. | |||||
| CVE-2017-16636 | 1 Bludit | 1 Bludit | 2017-11-29 | 3.5 LOW | 5.4 MEDIUM |
| In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts. | |||||
| CVE-2017-16802 | 1 Misp-project | 1 Misp | 2017-11-29 | 3.5 LOW | 5.4 MEDIUM |
| In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. | |||||
| CVE-2017-13700 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2017-11-29 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. | |||||
| CVE-2013-6962 | 1 Cisco | 1 Webex Meeting Center | 2017-11-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228. | |||||
| CVE-2013-6963 | 1 Cisco | 1 Webex Training Center | 2017-11-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207. | |||||
| CVE-2013-6960 | 1 Cisco | 1 Webex Meeting Center | 2017-11-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. | |||||
| CVE-2013-4674 | 1 Symantec | 2 Encryption Management Server, Pgp Universal Server | 2017-11-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment. | |||||
| CVE-2013-6961 | 1 Cisco | 1 Webex Meeting Center | 2017-11-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237. | |||||
| CVE-2012-4497 | 2 Devsaran, Drupal | 2 Elegant Theme, Drupal | 2017-11-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL. | |||||
| CVE-2015-7878 | 1 Taxonomy Find Project | 1 Taxonomy Find | 2017-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. | |||||
| CVE-2017-16568 | 1 Logitech | 1 Media Server | 2017-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. | |||||
| CVE-2017-16567 | 1 Logitech | 1 Media Server | 2017-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite." | |||||
| CVE-2017-8808 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2017-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | |||||
| CVE-2017-16564 | 1 Grandstream | 2 Ht802, Ht802 Firmware | 2017-11-27 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | |||||
| CVE-2017-16785 | 1 Cacti | 1 Cacti | 2017-11-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | |||||
| CVE-2017-13819 | 1 Apple | 1 Mac Os X | 2017-11-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents. | |||||
| CVE-2017-16781 | 1 Mybb | 1 Mybb | 2017-11-27 | 3.5 LOW | 5.4 MEDIUM |
| The installer in MyBB before 1.8.13 has XSS. | |||||
| CVE-2017-16760 | 1 Inedo | 1 Buildmaster | 2017-11-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Inedo BuildMaster before 5.8.2 has XSS. | |||||
| CVE-2017-16799 | 1 Cmsmadesimple | 1 Cmsmadesimple | 2017-11-27 | 3.5 LOW | 5.4 MEDIUM |
| In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. | |||||