Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9230 | 1 Symantec | 1 Data Loss Prevention | 2017-09-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-1944 | 1 Ibm | 1 Websphere Portal | 2017-09-21 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2017-13724 | 1 Axesstel | 2 Mu553s, Mu553s Firmware | 2017-09-21 | 3.5 LOW | 5.4 MEDIUM |
| On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. | |||||
| CVE-2017-1002017 | 1 Bobcares | 1 Gift-certificate-creator | 2017-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. | |||||
| CVE-2017-8745 | 1 Microsoft | 1 Sharepoint Foundation | 2017-09-21 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability". | |||||
| CVE-2017-14534 | 1 Nexusphp Project | 1 Nexusphp | 2017-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. | |||||
| CVE-2017-4926 | 1 Vmware | 1 Vcenter Server | 2017-09-21 | 3.5 LOW | 5.4 MEDIUM |
| VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page. | |||||
| CVE-2017-12156 | 1 Moodle | 1 Moodle | 2017-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | |||||
| CVE-2015-1906 | 1 Ibm | 1 Business Process Manager | 2017-09-20 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-2015 | 1 Ibm | 1 Domino | 2017-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN. | |||||
| CVE-2015-3781 | 1 Apple | 1 Mac Os X | 2017-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search. | |||||
| CVE-2015-5733 | 1 Wordpress | 1 Wordpress | 2017-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title. | |||||
| CVE-2017-14414 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2017-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | |||||
| CVE-2017-14413 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2017-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | |||||
| CVE-2017-14415 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2017-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | |||||
| CVE-2017-14416 | 1 D-link | 2 Dir-850l, Dir-850l Firmware | 2017-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. | |||||
| CVE-2017-8629 | 1 Microsoft | 1 Sharepoint Server | 2017-09-20 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability". | |||||
| CVE-2017-1002011 | 1 Anblik | 1 Image-gallery-with-slideshow | 2017-09-20 | 3.5 LOW | 5.4 MEDIUM |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database. | |||||
| CVE-2014-9468 | 1 Instantasp | 1 Instantforum | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to (1) Join.aspx or (2) Logon.aspx. | |||||
| CVE-2017-14219 | 1 Intelbras | 2 Wrn 240, Wrn 240 Firmware | 2017-09-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command. | |||||