Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7817 | 1 Simple Keitai Chat Project | 1 Simple Keitai Chat | 2017-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-7810 | 1 Corega | 2 Cg-wlr300nx, Cg-wlr300nx Firmware | 2017-06-16 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-7813 | 1 Emon-cms | 1 Deraemon-cms | 2017-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. | |||||
| CVE-2017-1278 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2017-06-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756. | |||||
| CVE-2017-1276 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2017-06-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751. | |||||
| CVE-2017-1247 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2017-06-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627. | |||||
| CVE-2016-7808 | 1 Corega | 4 Cg-wlbaragm Firmware, Cg-wlbargmh, Cg-wlbargnl and 1 more | 2017-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-9546 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-15 | 3.5 LOW | 5.7 MEDIUM |
| admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. | |||||
| CVE-2017-9548 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-15 | 3.5 LOW | 5.4 MEDIUM |
| admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change). | |||||
| CVE-2017-9547 | 1 Bigtreecms | 1 Bigtree Cms | 2017-06-15 | 3.5 LOW | 5.4 MEDIUM |
| admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change). | |||||
| CVE-2017-9523 | 1 Sophos | 1 Web Appliance | 2017-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | |||||
| CVE-2016-7823 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2017-06-15 | 2.3 LOW | 4.3 MEDIUM |
| Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6959 | 1 Vindula | 1 Vindula | 2017-06-14 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Vindula 1.9. | |||||
| CVE-2017-9332 | 1 Pivotx | 1 Pivotx | 2017-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | |||||
| CVE-2017-1305 | 1 Ibm | 1 Rational Doors Next Generation | 2017-06-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459. | |||||
| CVE-2017-1178 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2017-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430. | |||||
| CVE-2016-9834 | 1 Sophos | 2 Cyberoam, Cyberoam Firmware | 2017-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp. | |||||
| CVE-2017-8920 | 1 Cgiirc | 1 Cgi\ | 2017-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. | |||||
| CVE-2017-9451 | 1 Flatcore | 1 Flatcore | 2017-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | |||||
| CVE-2017-1140 | 1 Ibm | 1 Business Process Manager | 2017-06-13 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||