CVEs from 2017
Total: 11,607
- critical 1,650
- high 5,044
- medium 4,169
- low 159

Percentages:
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12357 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us… | |||
| CVE-2017-12349 | medium | 5.4 | 5.4 | 9y ago | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affecte… | |||
| CVE-2017-12348 | medium | 5.4 | 5.4 | 9y ago | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affecte… | |||
| CVE-2017-14186 | medium | 5.4 | 5.4 | 9y ago | A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or H… | |||
| CVE-2017-14379 | medium | 5.4 | 5.4 | 9y ago | EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||
| CVE-2017-1689 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… | |||
| CVE-2017-1688 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… | |||
| CVE-2017-1678 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-1650 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… | |||
| CVE-2017-1607 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… | |||
| CVE-2017-1593 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-1560 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-1461 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-15051 | medium | 5.4 | 5.4 | 9y ago | TeamPass stored cross-site scripting (XSS) vulnerability | |||
| CVE-2017-8178 | medium | 5.4 | 5.4 | 9y ago | Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to s… | |||
| CVE-2017-2713 | medium | 5.4 | 5.4 | 9y ago | HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 … | |||
| CVE-2017-7736 | medium | 5.4 | 5.4 | 9y ago | A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special cra… | |||
| CVE-2017-16919 | medium | 5.4 | 5.4 | 9y ago | MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description … | |||
| CVE-2017-16908 | medium | 5.4 | 5.4 | 9y ago | In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the … | |||
| CVE-2017-16907 | medium | 5.4 | 5.4 | 9y ago | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | |||
| CVE-2017-16906 | medium | 5.4 | 5.4 | 9y ago | In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | |||
| CVE-2017-1000227 | medium | 5.4 | 5.4 | 9y ago | Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can | |||
| CVE-2017-10886 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an atta… | |||
| CVE-2017-1000223 | medium | 5.4 | 5.4 | 9y ago | A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious Java… | |||
| CVE-2017-1000164 | medium | 5.4 | 5.4 | 9y ago | Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation | |||
| CVE-2017-1000160 | medium | 5.4 | 5.4 | 9y ago | EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection | |||
| CVE-2017-1000240 | medium | 5.4 | 5.4 | 9y ago | The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote auth… | |||
| CVE-2017-1000239 | medium | 5.4 | 5.4 | 9y ago | InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of … | |||
| CVE-2017-4930 | medium | 5.4 | 5.4 | 9y ago | VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of … | |||
| CVE-2017-5532 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Libr… | |||
| CVE-2017-16821 | medium | 5.4 | 5.4 | 9y ago | b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP… | |||
| CVE-2017-9394 | medium | 5.4 | 5.4 | 9y ago | A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | |||
| CVE-2017-16810 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set … | |||
| CVE-2017-16802 | medium | 5.4 | 5.4 | 9y ago | In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. | |||
| CVE-2017-16801 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name paramet… | |||
| CVE-2017-16799 | medium | 5.4 | 5.4 | 9y ago | In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-… | |||
| CVE-2017-16798 | medium | 5.4 | 5.4 | 9y ago | In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attacker… | |||
| CVE-2017-16636 | medium | 5.4 | 5.4 | 9y ago | In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validatio… | |||
| CVE-2017-16635 | medium | 5.4 | 5.4 | 9y ago | In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend acce… | |||
| CVE-2017-16564 | medium | 5.4 | 5.4 | 9y ago | Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor … | |||
| CVE-2017-14359 | medium | 5.4 | 5.4 | 9y ago | A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. | |||
| CVE-2017-1000149 | medium | 5.4 | 5.4 | 9y ago | Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()) | |||
| CVE-2017-1000146 | medium | 5.4 | 5.4 | 9y ago | Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio p… | |||
| CVE-2017-1000140 | medium | 5.4 | 5.4 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to downl… | |||
| CVE-2017-1000138 | medium | 5.4 | 5.4 | 9y ago | Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title. | |||
| CVE-2017-1000137 | medium | 5.4 | 5.4 | 9y ago | Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop). | |||
| CVE-2017-12294 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is… | |||
| CVE-2017-1554 | medium | 5.4 | 5.4 | 9y ago | IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exp… | |||
| CVE-2017-1553 | medium | 5.4 | 5.4 | 9y ago | IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… | |||
| CVE-2017-1552 | medium | 5.4 | 5.4 | 9y ago | IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to cond… | |||
| CVE-2017-1290 | medium | 5.4 | 5.4 | 9y ago | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | |||
| CVE-2017-1147 | medium | 5.4 | 5.4 | 9y ago | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | |||
| CVE-2017-1001001 | medium | 5.4 | 5.4 | 9y ago | PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. | |||
| CVE-2017-15273 | medium | 5.4 | 5.4 | 9y ago | Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as ti… | |||
| CVE-2017-14752 | medium | 5.4 | 5.4 | 9y ago | Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as th… | |||
| CVE-2017-3933 | medium | 5.4 | 5.4 | 9y ago | Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request fo… | |||
| CVE-2017-16230 | medium | 5.4 | 5.4 | 9y ago | In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post… | |||
| CVE-2017-15888 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2017-12460 | medium | 5.4 | 5.4 | 9y ago | An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as… | |||
| CVE-2017-15947 | medium | 5.4 | 5.4 | 9y ago | Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp. | |||
| CVE-2017-15936 | medium | 5.4 | 5.4 | 9y ago | In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed. | |||
| CVE-2017-15934 | medium | 5.4 | 5.4 | 9y ago | Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. | |||
| CVE-2017-12158 | medium | 5.4 | 5.4 | 9y ago | Keycloak Reflected XSS | |||
| CVE-2017-7335 | medium | 5.4 | 5.4 | 9y ago | A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated us… | |||
| CVE-2017-1363 | medium | 5.4 | 5.4 | 9y ago | IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2017-1169 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po… | |||
| CVE-2017-1164 | medium | 5.4 | 5.4 | 9y ago | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… | |||
| CVE-2017-1209 | medium | 5.4 | 5.4 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alter… | |||
| CVE-2017-15811 | medium | 5.4 | 5.4 | 9y ago | The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php. | |||
| CVE-2017-10425 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Service Host). Supported versions that are affected are 2.6, 2.7, 2.8 and 2.9. Easily expl… | |||
| CVE-2017-10423 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily explo… | |||
| CVE-2017-10400 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exp… | |||
| CVE-2017-10395 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: GangwayActivityWebApp). The supported version that is affected is 9.0.2.0. … | |||
| CVE-2017-10394 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitab… | |||
| CVE-2017-10367 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vuln… | |||
| CVE-2017-10359 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows… | |||
| CVE-2017-10340 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Easily exploitable v… | |||
| CVE-2017-10337 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vul… | |||
| CVE-2017-10304 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows… | |||
| CVE-2017-10277 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unau… | |||
| CVE-2017-10162 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability a… | |||
| CVE-2017-15538 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to th… | |||
| CVE-2017-15360 | medium | 5.4 | 5.4 | 9y ago | PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script. | |||
| CVE-2017-11820 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted … | |||
| CVE-2017-11777 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted … | |||
| CVE-2017-11775 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted … | |||
| CVE-2017-15279 | medium | 5.4 | 5.4 | 9y ago | Umbraco CMS vulnerable to stored XSS | |||
| CVE-2017-15278 | medium | 5.4 | 5.4 | 9y ago | TeamPass Cross-Site Scripting (XSS) | |||
| CVE-2017-8016 | medium | 5.4 | 5.4 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in… | |||
| CVE-2017-14370 | medium | 5.4 | 5.4 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in … | |||
| CVE-2017-14587 | medium | 5.4 | 5.4 | 9y ago | The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulner… | |||
| CVE-2017-7352 | medium | 5.4 | 5.4 | 9y ago | Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configu… | |||
| CVE-2017-15214 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (incl… | |||
| CVE-2017-15213 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/temp… | |||
| CVE-2017-15219 | medium | 5.4 | 5.4 | 9y ago | The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | |||
| CVE-2017-14973 | medium | 5.4 | 5.4 | 9y ago | IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user pag… | |||
| CVE-2017-1522 | medium | 5.4 | 5.4 | 9y ago | IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-12269 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insuff… | |||
| CVE-2017-1000103 | medium | 5.4 | 5.4 | 9y ago | Persistent XSS vulnerability in Jenkins DRY Plugin | |||
| CVE-2017-1000102 | medium | 5.4 | 5.4 | 9y ago | Persistent XSS vulnerability in Static Analysis Utilities |