Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7249 | 1 Gazelle Project | 1 Gazelle | 2017-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazelle-master/sections/tools/data/ocelot_info.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-7250 | 1 Gazelle Project | 1 Gazelle | 2017-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoin_balance.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-7248 | 1 Gazelle Project | 1 Gazelle | 2017-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-7247 | 1 Gazelle Project | 1 Gazelle | 2017-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazelle-master/sections/tools/managers/multiple_freeleech.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-7242 | 1 Slims | 1 Slims7 Cendana | 2017-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php. | |||||
| CVE-2015-8687 | 1 Alcatel-lucent | 1 Motive Home Device Manager | 2017-03-28 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do. | |||||
| CVE-2015-8622 | 1 Mediawiki | 1 Mediawiki | 2017-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')." | |||||
| CVE-2017-7205 | 1 Gamepanelx | 1 Gamepanelx-v3 | 2017-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data (a) passed to the "GamePanelX-V3-master/ajax/ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-7202 | 1 Slims | 1 Slims7 Cendana | 2017-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-7204 | 1 Imdbphp Project | 1 Imdbphp | 2017-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the "imdbphp-master/demo/search.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6909 | 1 Shishnet | 1 Shimmie | 2017-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "shimmie2-master/ext/chatbox/history/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6905 | 1 Concrete5 | 1 Concrete5 | 2017-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-7222 | 1 Mantisbt | 1 Mantisbt | 2017-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php). | |||||
| CVE-2016-9696 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2017-03-23 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960. | |||||
| CVE-2016-9694 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2017-03-23 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960. | |||||
| CVE-2017-1146 | 1 Ibm | 1 Content Navigator | 2017-03-23 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736. | |||||
| CVE-2016-4930 | 1 Juniper | 1 Junos Space | 2017-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. | |||||
| CVE-2017-6908 | 1 Concrete5 | 1 Concrete5 | 2017-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/selector_data.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-8855 | 1 Sitecore | 1 Experience Platform | 2017-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2. | |||||
| CVE-2017-6591 | 1 Django-epiceditor Project | 1 Django-epiceditor | 2017-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field. | |||||