CVEs from 2017
- Total: 11,607
- critical: 1,650
- high: 5,044
- medium: 4,169
- low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000088 | medium | 5.4 | 5.4 | 9y ago | Persisted XSS Vulnerability in Jenkins Sidebar Link Plugin | |||
| CVE-2017-14985 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module… | |||
| CVE-2017-14984 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /m… | |||
| CVE-2017-14981 | medium | 5.4 | 5.4 | 9y ago | Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could i… | |||
| CVE-2017-1429 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1369 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1364 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1359 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1345 | medium | 5.4 | 5.4 | 9y ago | IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… | |||
| CVE-2017-1335 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1334 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1324 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-14923 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by… | |||
| CVE-2017-14922 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is m… | |||
| CVE-2017-14921 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rend… | |||
| CVE-2017-14753 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to mod… | |||
| CVE-2017-1531 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… | |||
| CVE-2017-1530 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… | |||
| CVE-2017-1425 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… | |||
| CVE-2017-1424 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… | |||
| CVE-2017-14725 | medium | 5.4 | 5.4 | 9y ago | Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | |||
| CVE-2017-14716 | medium | 5.4 | 5.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | |||
| CVE-2017-14715 | medium | 5.4 | 5.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | |||
| CVE-2017-14714 | medium | 5.4 | 5.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | |||
| CVE-2017-14713 | medium | 5.4 | 5.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | |||
| CVE-2017-14321 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) cust… | |||
| CVE-2017-14621 | medium | 5.4 | 5.4 | 9y ago | Portus 2.2.0 has XSS via the Team field, related to typeahead. | |||
| CVE-2017-4926 | medium | 5.4 | 5.4 | 9y ago | VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which … | |||
| CVE-2017-1002011 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to… | |||
| CVE-2017-3165 | medium | 5.4 | 5.4 | 9y ago | Cross-site Scripting In Apache Brooklyn | |||
| CVE-2017-13724 | medium | 5.4 | 5.4 | 9y ago | On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. | |||
| CVE-2017-8745 | medium | 5.4 | 5.4 | 9y ago | An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint serv… | |||
| CVE-2017-8629 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka… | |||
| CVE-2017-7735 | medium | 5.4 | 5.4 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while c… | |||
| CVE-2017-7734 | medium | 5.4 | 5.4 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. | |||
| CVE-2017-14241 | medium | 5.4 | 5.4 | 9y ago | Dolibarr ERP and CRM contain XSS Vulnerability | |||
| CVE-2017-14239 | medium | 5.4 | 5.4 | 9y ago | Dolibarr cross-site scripting (XSS) vulnerability | |||
| CVE-2017-11611 | medium | 5.4 | 5.4 | 9y ago | Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "cr… | |||
| CVE-2017-12227 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failur… | |||
| CVE-2017-12221 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… | |||
| CVE-2017-1502 | medium | 5.4 | 5.4 | 9y ago | IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-1098 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … | |||
| CVE-2017-1449 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote att… | |||
| CVE-2017-1447 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… | |||
| CVE-2017-1444 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… | |||
| CVE-2017-14049 | medium | 5.4 | 5.4 | 9y ago | In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. | |||
| CVE-2017-1446 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | |||
| CVE-2017-1445 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | |||
| CVE-2017-1535 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2017-1485 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2017-2256 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". | |||
| CVE-2017-2255 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". | |||
| CVE-2017-9555 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | |||
| CVE-2017-12879 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary … | |||
| CVE-2017-9510 | medium | 5.4 | 5.4 | 9y ago | The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the s… | |||
| CVE-2017-9509 | medium | 5.4 | 5.4 | 9y ago | The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the ch… | |||
| CVE-2017-9508 | medium | 5.4 | 5.4 | 9y ago | Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name … | |||
| CVE-2017-9507 | medium | 5.4 | 5.4 | 9y ago | The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabili… | |||
| CVE-2017-7422 | medium | 5.4 | 5.4 | 9y ago | Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 be… | |||
| CVE-2017-12978 | medium | 5.4 | 5.4 | 9y ago | lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. | |||
| CVE-2017-12882 | medium | 5.4 | 5.4 | 9y ago | Spring Batch Admin vulnerable to Stored Cross-site scripting (XSS) in the file upload functionality | |||
| CVE-2017-12591 | medium | 5.4 | 5.4 | 9y ago | ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | |||
| CVE-2017-1338 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-6782 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The … | |||
| CVE-2017-9655 | medium | 5.4 | 5.4 | 9y ago | A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before… | |||
| CVE-2017-9556 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the titl… | |||
| CVE-2017-1431 | medium | 5.4 | 5.4 | 9y ago | IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali… | |||
| CVE-2017-1168 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the … | |||
| CVE-2017-1448 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-craf… | |||
| CVE-2017-8654 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, … | |||
| CVE-2017-8650 | medium | 5.4 | 5.4 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Fea… | |||
| CVE-2017-10230 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: SilverWhere). The supported version that is affected is 8.0.75. Easil… | |||
| CVE-2017-10229 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: Event Viewer). The supported version that is affected is 7.30.562. Easi… | |||
| CVE-2017-10228 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Module). The supported version that is affected is 8.0.… | |||
| CVE-2017-10223 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily e… | |||
| CVE-2017-10222 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Eas… | |||
| CVE-2017-10142 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Mobile Apps). Supported versions that are affected are 8.5.1 and 9.0.0. Eas… | |||
| CVE-2017-10134 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eProcurement). The supported version that is affected is 9.2. Easily exploitable vulnerability a… | |||
| CVE-2017-10098 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-10094 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10073 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-10072 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1… | |||
| CVE-2017-10057 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Discussion Forum). The supported version that is affected is 9.1.0. Easily explo… | |||
| CVE-2017-10044 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easil… | |||
| CVE-2017-10032 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Access Control List). Supported versions that are affected are 6.3.4.1, 6.3.5.1, 6… | |||
| CVE-2017-10027 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Homepage & Navigation). Supported versions that are affected are 8.54 and 8.55. Eas… | |||
| CVE-2017-10012 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 1… | |||
| CVE-2017-10002 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Settings and Config). Supported versions that are affected are 8.5.1 and 9.0.0… | |||
| CVE-2017-6871 | medium | 5.4 | 5.4 | 9y ago | A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attack… | |||
| CVE-2017-6769 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) atta… | |||
| CVE-2017-6764 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ag… | |||
| CVE-2017-1331 | medium | 5.4 | 5.4 | 9y ago | IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality … | |||
| CVE-2017-1199 | medium | 5.4 | 5.4 | 9y ago | IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… | |||
| CVE-2017-12066 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer hea… | |||
| CVE-2017-1496 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | |||
| CVE-2017-11725 | medium | 5.4 | 5.4 | 9y ago | The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | |||
| CVE-2017-11647 | medium | 5.4 | 5.4 | 9y ago | NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in su… | |||
| CVE-2017-11691 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | |||
| CVE-2017-6749 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against… | |||
| CVE-2017-1380 | medium | 5.4 | 5.4 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… |