Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8654 | 1 Microsoft | 1 Sharepoint Server | 2017-08-15 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability". | |||||
| CVE-2017-12655 | 1 Nexusphp Project | 1 Nexusphp | 2017-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action. | |||||
| CVE-2017-8642 | 1 Microsoft | 2 Edge, Windows 10 | 2017-08-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503. | |||||
| CVE-2017-9516 | 1 Craftcms | 1 Craft Cms | 2017-08-13 | 3.5 LOW | 5.4 MEDIUM |
| Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. | |||||
| CVE-2017-2528 | 1 Apple | 2 Iphone Os, Safari | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames. | |||||
| CVE-2017-2510 | 1 Apple | 2 Iphone Os, Safari | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. | |||||
| CVE-2017-8839 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi. | |||||
| CVE-2017-8838 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi. | |||||
| CVE-2017-2508 | 1 Apple | 2 Iphone Os, Safari | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes. | |||||
| CVE-2017-5631 | 1 Kmc Information Systems | 1 Caseaware | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. | |||||
| CVE-2017-7953 | 1 Infor | 1 Enterprise Asset Management | 2017-08-13 | 3.5 LOW | 5.4 MEDIUM |
| INFOR EAM V11.0 Build 201410 has XSS via comment fields. | |||||
| CVE-2016-1471 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2017-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz76232. | |||||
| CVE-2017-11320 | 1 Technicolor | 2 Tc7337, Tc7337 Firmware | 2017-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router. | |||||
| CVE-2017-9813 | 1 Kaspersky | 1 Anti-virus For Linux Server | 2017-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). | |||||
| CVE-2017-8000 | 1 Emc | 1 Rsa Authentication Manager | 2017-08-10 | 3.5 LOW | 4.8 MEDIUM |
| In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session. | |||||
| CVE-2017-11593 | 1 Ooso | 1 Markdown Preview Plus | 2017-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization. | |||||
| CVE-2017-10711 | 1 Simplerisk | 1 Simplerisk | 2017-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter. | |||||
| CVE-2017-12131 | 1 Goldplugins | 1 Easy Testimonials | 2017-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens. | |||||
| CVE-2017-12068 | 1 Event List Project | 1 Event List | 2017-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action. | |||||
| CVE-2017-6769 | 1 Cisco | 1 Secure Access Control System | 2017-08-10 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCve70587. Known Affected Releases: 5.8(0.8) 5.8(1.5). | |||||