Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4674 | 1 Symantec | 2 Encryption Management Server, Pgp Universal Server | 2017-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment. | |||||
| CVE-2013-6960 | 1 Cisco | 1 Webex Meeting Center | 2017-11-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. | |||||
| CVE-2015-7878 | 1 Taxonomy Find Project | 1 Taxonomy Find | 2017-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. | |||||
| CVE-2017-8808 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2017-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | |||||
| CVE-2017-16564 | 1 Grandstream | 2 Ht802, Ht802 Firmware | 2017-11-27 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | |||||
| CVE-2017-16785 | 1 Cacti | 1 Cacti | 2017-11-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | |||||
| CVE-2017-13819 | 1 Apple | 1 Mac Os X | 2017-11-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents. | |||||
| CVE-2017-16760 | 1 Inedo | 1 Buildmaster | 2017-11-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Inedo BuildMaster before 5.8.2 has XSS. | |||||
| CVE-2017-16781 | 1 Mybb | 1 Mybb | 2017-11-27 | 3.5 LOW | 5.4 MEDIUM |
| The installer in MyBB before 1.8.13 has XSS. | |||||
| CVE-2017-16799 | 1 Cmsmadesimple | 1 Cmsmadesimple | 2017-11-27 | 3.5 LOW | 5.4 MEDIUM |
| In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. | |||||
| CVE-2017-16665 | 1 Remobjects | 1 Remoting Sdk 9 | 2017-11-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL. | |||||
| CVE-2017-9299 | 1 Otrs | 1 Otrs | 2017-11-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected. | |||||
| CVE-2017-15039 | 1 Zurmo | 1 Zurmo Crm | 2017-11-22 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | |||||
| CVE-2017-16784 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | |||||
| CVE-2009-3891 | 1 Wordpress | 1 Wordpress | 2017-11-22 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable). | |||||
| CVE-2012-6511 | 1 Organizer Project | 1 Organizer | 2017-11-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php. | |||||
| CVE-2008-6047 | 1 Adbnewssender | 1 Adbnewssender | 2017-11-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) subscribing and (2) unsubscribing. | |||||
| CVE-2012-2008 | 1 Hp | 1 Performance Insight | 2017-11-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-14373 | 1 Emc | 1 Rsa Authentication Manager | 2017-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2012-5181 | 1 Concrete5 | 1 Concrete5 | 2017-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||