Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1070 | 1 Expressionengine | 1 Expressionengine | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter. | |||||
| CVE-2009-0850 | 1 Bitdefender | 1 Internet Security | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file. | |||||
| CVE-2009-0814 | 1 Blogsa | 1 Blogsa | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | |||||
| CVE-2018-13392 | 1 Atlassian | 2 Crucible, Fisheye | 2018-10-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. | |||||
| CVE-2018-14850 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2018-10-10 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. | |||||
| CVE-2018-14849 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2018-10-10 | 3.5 LOW | 5.4 MEDIUM |
| Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. | |||||
| CVE-2017-9613 | 1 Sap | 1 Successfactors | 2018-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. | |||||
| CVE-2017-9537 | 1 Solarwinds | 1 Network Performance Monitor | 2018-10-09 | 3.5 LOW | 4.8 MEDIUM |
| Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. | |||||
| CVE-2018-11027 | 1 Ruckussecurity | 2 Icx7450-48, Icx7450-48 Firmware | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2017-9767 | 1 Quali | 1 Cloudshell | 2018-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate. | |||||
| CVE-2017-8802 | 1 Synocor | 1 Zimbra Collaboration Suite | 2018-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality. | |||||
| CVE-2017-13754 | 1 Wibu | 1 Codemeter | 2018-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html. | |||||
| CVE-2016-4945 | 1 Citrix | 2 Netscaler Gateway 11.0, Netscaler Gateway 11.0 Firmware | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie. | |||||
| CVE-2016-7140 | 1 Plone | 1 Plone | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-7139 | 1 Plone | 1 Plone | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2016-6133 | 1 Ektron | 1 Ektron Content Management System | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx. | |||||
| CVE-2016-4651 | 1 Apple | 2 Iphone Os, Safari | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability. | |||||
| CVE-2016-4327 | 1 Wso2 | 1 Enablement Server For Java | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2016-7136 | 1 Plone | 1 Plone | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. | |||||
| CVE-2016-4316 | 1 Wso2 | 1 Carbon | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp. | |||||