Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14049 | 1 Blackcat-cms | 1 Blackcat Cms | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. | |||||
| CVE-2016-5305 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack. | |||||
| CVE-2015-5664 | 1 Qnap | 1 Qts | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1447 | 1 Cisco | 1 Webex Meetings Server | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194. | |||||
| CVE-2017-2361 | 1 Apple | 1 Mac Os X | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site. | |||||
| CVE-2015-6931 | 1 Vmware | 1 Vcenter Server | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0221 | 1 Ibm | 1 Cognos Business Intelligence | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-1449 | 1 Cisco | 1 Webex Meetings Server | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. | |||||
| CVE-2016-1462 | 1 Cisco | 1 Prime Service Catalog | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795. | |||||
| CVE-2016-0346 | 1 Ibm | 1 Cognos Business Intelligence | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0280 | 1 Ibm | 3 Information Server Framework, Infosphere Information Governance Catalog, Infosphere Information Server Business Glossary | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-2925 | 1 Ibm | 1 Websphere Portal | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-2081 | 1 Vmware | 1 Vrealize Log Insight | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-13778 | 1 Fiyo | 1 Fiyo Cms | 2017-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | |||||
| CVE-2014-0141 | 1 Redhat | 1 Satellite | 2017-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | |||||
| CVE-2014-9514 | 1 Bmc | 1 Footprints Service Core | 2017-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. | |||||
| CVE-2017-10840 | 1 Webcalendar Project | 1 Webcalendar | 2017-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2256 | 1 Cybozu | 1 Garoon | 2017-08-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". | |||||
| CVE-2017-2255 | 1 Cybozu | 1 Garoon | 2017-08-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". | |||||
| CVE-2017-2257 | 1 Cybozu | 1 Garoon | 2017-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. | |||||