Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6509 | 1 Burgundy-cms Project | 1 Burgundy-cms | 2017-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter). | |||||
| CVE-2016-9148 | 1 Ca | 1 Service Desk Manager | 2017-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter. | |||||
| CVE-2017-6485 | 1 Php-calendar | 1 Php-calendar | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-10202 | 1 Zoneminder | 1 Zoneminder | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. | |||||
| CVE-2016-10201 | 1 Zoneminder | 1 Zoneminder | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. | |||||
| CVE-2015-8815 | 1 Umbraco | 1 Umbraco | 2017-03-07 | 5.0 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. | |||||
| CVE-2017-5616 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. | |||||
| CVE-2017-5833 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2017-5832 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | |||||
| CVE-2017-6396 | 1 Webpagetest Project | 1 Webpagetest | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6395 | 1 Hashover Project | 1 Hashover | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6391 | 1 Kaltura | 1 Kaltura Server | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, the "admin_console/web/tools/AkamaiBroadcaster.php" URL, the "admin_console/web/tools/bigRedButton.php" URL, and the "admin_console/web/tools/bigRedButtonPtsPoc.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6390 | 1 Soruly | 1 Whatanime.ga | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6393 | 1 Nagvis | 1 Nagvis | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-6392 | 1 Kaltura | 1 Kaltura Server | 2017-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-10216 | 1 Sivann | 1 It Items Database | 2017-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-10215 | 1 Fastspot | 1 Bigtree-form-builder | 2017-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2016-5932 | 1 Ibm | 1 Connections | 2017-03-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294. | |||||
| CVE-2015-8862 | 1 Mustache.js Project | 1 Mustache.js | 2017-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | |||||
| CVE-2015-8856 | 1 Nodejs | 1 Node.js | 2017-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. | |||||