Total: 38033 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-0527 | 1 Cybozu | 1 Office | 2024-11-21 | N/A |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2018-0519 | 1 Fsi | 2 Fs010w, Fs010w Firmware | 2024-11-21 | N/A |
Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2018-0513 | 1 Mtssb.mt-systems | 1 Simple Booking | 2024-11-21 | N/A |
Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2018-0511 | 1 Meowapps | 1 Wp Retina 2x | 2024-11-21 | N/A |
Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2018-0508 | 1 Kkcald Project | 1 Kkcald | 2024-11-21 | N/A |
Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2018-0503 | 3 Debian, Mediawiki, Redhat | 3 Debian Linux, Mediawiki, Openshift | 2024-11-21 | N/A |
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | ||||
CVE-2018-0499 | 2 Canonical, Xapian | 2 Ubuntu Linux, Xapian-core | 2024-11-21 | N/A |
A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). | ||||
CVE-2018-0059 | 1 Juniper | 1 Netscreen Screenos | 2024-11-21 | N/A |
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26. | ||||
CVE-2018-0047 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2. | ||||
CVE-2018-0046 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. | ||||
CVE-2018-0011 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device. | ||||
CVE-2017-9838 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | N/A |
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). | ||||
CVE-2017-9808 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | ||||
CVE-2017-9786 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php. | ||||
CVE-2017-9783 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated. | ||||
CVE-2017-9425 | 1 Facetag Project | 1 Facetag | 2024-11-21 | N/A |
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action. | ||||
CVE-2017-9390 | 1 Getvera | 4 Veraedge, Veraedge Firmware, Veralite and 1 more | 2024-11-21 | N/A |
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script is "RedirectURL". However, the application lacks strict input validation of this parameter and this allows an attacker to execute the client-side code on this application. | ||||
CVE-2017-9387 | 1 Getvera | 4 Veraedge, Veraedge Firmware, Veralite and 1 more | 2024-11-21 | N/A |
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the parameters passed in this specific script are logged to a log file called log.relay in the /tmp folder. The user can also read all the log files from the device using a script called log.sh. However, when the script loads the log files it displays them with content-type text/html and passes all the logs through the ansi2html binary which converts all the character text including HTML meta-characters correctly to be displayed in the browser. This allows an attacker to use the log files as a storing mechanism for the XSS payload and thus whenever a user navigates to that log.sh script, it enables the XSS payload and allows an attacker to execute his malicious payload on the user's browser. | ||||
CVE-2017-9276 | 1 Netiq | 1 Access Manager | 2024-11-21 | N/A |
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter. | ||||
CVE-2017-9275 | 1 Netiq | 1 Identity Reporting | 2024-11-21 | N/A |
NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack. |