Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9057 | 1 Proxmox | 1 Proxmox Mail Gateway | 2017-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. | |||||
| CVE-2016-0255 | 1 Ibm | 1 Marketing Platform | 2017-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. | |||||
| CVE-2017-8762 | 1 Genixcms | 1 Genixcms | 2017-05-12 | 3.5 LOW | 5.4 MEDIUM |
| GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element. | |||||
| CVE-2017-8780 | 1 Genixcms | 1 Genixcms | 2017-05-12 | 3.5 LOW | 4.8 MEDIUM |
| GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element. | |||||
| CVE-2017-8384 | 1 Craftcms | 1 Craft Cms | 2017-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. | |||||
| CVE-2017-8376 | 1 Genixcms | 1 Genixcms | 2017-05-10 | 3.5 LOW | 5.4 MEDIUM |
| GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. | |||||
| CVE-2017-8302 | 1 Blueriver | 1 Muracms | 2017-05-09 | 3.5 LOW | 5.4 MEDIUM |
| Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm. | |||||
| CVE-2017-2106 | 1 Webmin | 1 Webmin | 2017-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7271 | 1 Yii Software | 1 Yii | 2017-05-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. | |||||
| CVE-2017-2148 | 1 Iodata | 2 Wn-ac1167gr, Wn-ac1167gr Firmware | 2017-05-05 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2151 | 1 Booking Calendar Project | 1 Booking Calendar | 2017-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2136 | 1 Wp Statistics | 1 Wp Statistics | 2017-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | |||||
| CVE-2016-7841 | 1 Olive Design | 1 Olive Diary Dx | 2017-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2016-7839 | 1 Olive Design | 1 Olive Blog | 2017-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2017-2123 | 1 Onethird | 1 Onethird Cms | 2017-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. | |||||
| CVE-2017-2114 | 1 Cybozu | 1 Office | 2017-05-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-8298 | 1 Cnvs | 1 Canvas | 2017-05-03 | 3.5 LOW | 5.4 MEDIUM |
| cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. | |||||
| CVE-2017-7987 | 1 Joomla | 1 Joomla\! | 2017-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. | |||||
| CVE-2016-8924 | 1 Ibm | 1 Maximo Asset Management | 2017-05-03 | 4.3 MEDIUM | 5.6 MEDIUM |
| IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537. | |||||
| CVE-2017-2092 | 1 Cybozu | 1 Garoon | 2017-05-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||