Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-1000088 | 1 Jenkins | 1 Sidebar Link | 2017-11-02 | 3.5 LOW | 5.4 MEDIUM | The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links. |
CVE-2017-1000103 | 1 Jenkins | 1 Dry | 2017-11-01 | 3.5 LOW | 5.4 MEDIUM | The custom Details view of the Static Analysis Utilities based DRY Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. |
CVE-2017-1000102 | 1 Jenkins | 1 Static Analysis Utilities | 2017-11-01 | 3.5 LOW | 5.4 MEDIUM | The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view. |
CVE-2017-15360 | 1 Paessler | 1 Prtg Network Monitor | 2017-11-01 | 3.5 LOW | 5.4 MEDIUM | PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script. |
CVE-2017-15380 | 1 Softwarepublico | 1 E-sic | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM | XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. |
CVE-2017-15872 | 1 Phpwcms | 1 Phpwcms | 2017-10-31 | 3.5 LOW | 4.8 MEDIUM | phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. |
CVE-2012-4377 | 1 Mediawiki | 1 Mediawiki | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. |
CVE-2012-4378 | 1 Mediawiki | 1 Mediawiki | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php. |
CVE-2017-1521 | 1 Ibm | 1 Bigfix Platform | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM | IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831. |
CVE-2017-7733 | 1 Fortinet | 1 Fortios | 2017-10-31 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via the webUI "Login Disclaimer" redir parameter. |
CVE-2017-1000058 | 1 Chevereto | 1 Chevereto | 2017-10-30 | 4.3 MEDIUM | 6.1 MEDIUM | Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. |
CVE-2017-7203 | 1 Zoneminder | 1 Zoneminder | 2017-10-28 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtering of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
CVE-2017-15214 | 1 Flyspray | 1 Flyspray | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM | Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. |
CVE-2017-15213 | 1 Flyspray | 1 Flyspray | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM | Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. |
CVE-2017-15215 | 1 Shaarli Project | 1 Shaarli | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session, change global settings, or add/delete links. It is also possible to execute JavaScript against unauthenticated users. |
CVE-2017-15216 | 1 Misp-project | 1 Misp | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM | MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. |
CVE-2017-15384 | 1 Phpjabbers | 1 Rate Me | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM | rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. |
CVE-2017-14973 | 1 Identicard | 1 Two-reader Controller Configuration Manager | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM | IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). |
CVE-2017-15287 | 1 Bouqueteditor Project | 1 Bouqueteditor | 2017-10-27 | 4.3 MEDIUM | 6.1 MEDIUM | There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. |
CVE-2015-6521 | 1 Atutor | 1 Atutor | 2017-10-27 | 3.5 LOW | 5.4 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. |