Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9448 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-12 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users. | |||||
CVE-2017-9306 | 1 Syspass | 1 Syspass | 2017-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. | |||||
CVE-2017-2171 | 1 Bestwebsoft | 51 Captcha, Car Rental, Contact Form and 48 more | 2017-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7, PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu. | |||||
CVE-2017-9452 | 1 Piwigo | 1 Piwigo | 2017-06-09 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2017-7384 | 1 Flipbuilder | 1 Flip Pdf | 2017-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter. | |||||
CVE-2012-6705 | 1 Jamroom | 1 Jamroom | 2017-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. | |||||
CVE-2017-9337 | 1 Markdown On Save Improved Project | 1 Markdown On Save Improved | 2017-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post. | |||||
CVE-2017-9336 | 1 Wp Editor.md Project | 1 Wp Editor.md | 2017-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. | |||||
CVE-2017-9305 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2017-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php. | |||||
CVE-2017-2307 | 1 Juniper | 1 Junos Space | 2017-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space. | |||||
CVE-2017-9252 | 1 Finecms Project | 1 Finecms | 2017-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action. | |||||
CVE-2017-9251 | 1 Finecms Project | 1 Finecms | 2017-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php. | |||||
CVE-2017-9289 | 1 Note Project | 1 Note | 2017-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter). | |||||
CVE-2017-9298 | 1 Hitachi | 1 Device Manager | 2017-06-08 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | |||||
CVE-2017-9243 | 1 Aries Networks | 2 Qwr-1104 Wireless-n Router, Qwr-1104 Wireless-n Router Firmware | 2017-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. | |||||
CVE-2017-9361 | 1 Websitebaker | 1 Websitebaker | 2017-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | |||||
CVE-2017-7296 | 1 Contiki-os | 1 Contiki | 2017-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection. | |||||
CVE-2016-7840 | 1 Olive Design | 1 Olive Blog | 2017-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. | |||||
CVE-2017-3129 | 1 Fortinet | 1 Fortiweb | 2017-06-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows an attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. | |||||
CVE-2017-7723 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2017-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. |