Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1591 | 1 Ibm | 1 Datapower Gateway | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368. | |||||
CVE-2015-7349 | 1 Vasco | 1 Digipass | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter. | |||||
CVE-2015-5181 | 1 Redhat | 1 Jboss A-mq | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | |||||
CVE-2017-14957 | 1 Blogotext Project | 1 Blogotext | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog. | |||||
CVE-2015-5613 | 1 Octobercms | 1 October | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. | |||||
CVE-2017-10701 | 1 Sap | 1 Enterprise Portal | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | |||||
CVE-2017-14751 | 1 Intensewp | 1 Wp Jobs | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | |||||
CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | |||||
CVE-2015-8375 | 1 Php-fusion | 1 Php-fusion | 2017-10-06 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | |||||
CVE-2017-14712 | 1 Telaxius | 1 Epesi | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | |||||
CVE-2017-14717 | 1 Telaxius | 1 Epesi | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | |||||
CVE-2017-9551 | 1 Mahara | 1 Mahara | 2017-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potentially dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the user and administrator and if accepted become part of the new user's account. | |||||
CVE-2017-14922 | 1 Tine20 | 1 Tine 2.0 | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
CVE-2017-13986 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2017-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-Site Scripting (XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | |||||
CVE-2017-14921 | 1 Tine20 | 1 Tine 2.0 | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
CVE-2017-14920 | 1 Egroupware | 1 Egroupware | 2017-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. | |||||
CVE-2017-14923 | 1 Tine20 | 1 Tine 2.0 | 2017-10-05 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | |||||
CVE-2012-4901 | 1 Template Cms Project | 1 Template Cms | 2017-10-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php. | |||||
CVE-2017-9292 | 1 Lansweeper | 1 Lansweeper | 2017-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. | |||||
CVE-2017-14321 | 1 Mirasvit | 1 Helpdesk Mx | 2017-10-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket. |