2049 matches found

NVD
added 2017/10/05 7:29 a.m., 18 views

CVE-2017-12257

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters...

CVSS 6.1 | AI score 6.1 | EPSS 0.00868
Exploits: 0 | References: 2

CNVD
added 2017/09/28 12:0 a.m., 1 views

Drupal 'Commerce Invoices' Module SQL Injection and Cross Site Scripting Vulnerabilities

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Ctools (Chaos tool suite) is one of the API modules used to improve the development experience. SQL injection and cross-site scripting vulnerabilities exist in the Drupal 'Commerce...

AI score 7.7
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2017/07/24 4:52 a.m., 3 views

Multiple cross-site scripting vulnerabilities in ScreenOS

Overview: ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

CVSS 9.6 | AI score 6.3 | EPSS 0.01194
Exploits: 0 | References: 13

CNVD
added 2017/06/23 12:0 a.m., 2 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-15836)

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco. A cross-site scripting vulnerability exists in the Web Framework in Cisco Firepower Management Center 5.4.1 and prior versions, which arises from the program failing to...

CVSS 5.4 | AI score 6.7 | EPSS 0.00642
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2017/06/13 5:11 a.m., 2 views

Cross-site scripting vulnerability in WordPress plugin "WordPress Download Manager"

Overview: The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains a cross-site scripting vulnerability (CWE-79). Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

CVSS 6.1 | AI score 6 | EPSS 0.01432
Exploits: 0 | References: 7

Japan Vulnerability Notes
added 2017/05/19 12:0 a.m., 36 views

JVN#11326581: Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use Empirical Project Monitor - eXtended The...

CVSS 6.1 | AI score 6.1 | EPSS 0.01195
Exploits: 0

NVD
added 2017/04/28 4:59 p.m., 15 views

CVE-2017-2140

Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory...

CVSS 8.8 | AI score 8.6 | EPSS 0.0137
Exploits: 0 | References: 2

OSV
added 2017/04/28 4:59 p.m., 3 views

CVE-2017-2140

Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory...

CVSS 8.8 | AI score 5.8 | EPSS 0.0137
Exploits: 0 | References: 2

CVE
added 2017/04/28 4:0 p.m., 49 views

CVE-2017-2140

CVE-2017-2140 affects Tablacus Explorer 17.3.30 and earlier. The root cause is improper handling of directory names, leading to a script injection vulnerability that allows arbitrary scripts to run in the context of the application. Impact stated: when a user accesses a crafted directory, an arbi...

CVSS 8.8 | AI score 8.6 | EPSS 0.0137
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2017/04/12 3:0 p.m., 49 views

CVE-2017-3125

CVE-2017-3125 describes an unauthenticated Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail. Affected versions: FortiMail 5.0.0–5.2.9 and 5.3.0–5.3.8. An attacker can trick a logged-in user into clicking a crafted URL, enabling execution of arbitrary scripts in the user’s browser in...

CVSS 6.1 | AI score 6.3 | EPSS 0.01106
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2017/03/27 12:0 a.m., 1 views

Unspecified Cross-Site Scripting Vulnerability in Trend Micro ServerProtect for Linux

Trend Micro ServerProtect for Linux is an enterprise-grade anti-virus program that runs on Linux. An unspecified cross-site scripting vulnerability exists in Trend Micro ServerProtect for Linux, which is caused by a failure to validate user-submitted data. The vulnerability can be exploited to...

AI score 7
Exploits: 0 | References: 1

OSV
added 2017/03/23 10:59 p.m., 5 views

CVE-2017-7248

A Cross-Site Scripting (XSS) vulnerability was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data type passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...

CVSS 6.1 | AI score 6 | EPSS 0.01051
Exploits: 0 | References: 3

CNVD
added 2017/03/13 12:0 a.m., 3 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-03615)

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

CVSS 5.4 | AI score 6.9 | EPSS 0.03016
Exploits: 1 | References: 1

Japan Vulnerability Notes
added 2017/03/08 12:57 a.m., 4 views

OneThird CMS vulnerable to cross-site scripting

Overview: OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the inquiry form. Note that this vulnerability is different from JVN49408248. Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication...

CVSS 6.1 | AI score 6.1 | EPSS 0.01146
Exploits: 0 | References: 5

Openbugbounty
added 2017/03/02 4:44 p.m., 13 views

melbourne.com XSS vulnerability

Vulnerable URL:...

AI score 6.3
Exploits: 0

Japan Vulnerability Notes
added 2017/02/28 12:0 a.m., 53 views

JVN#73083905: Multiple vulnerabilities in WBCE CMS

WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79) - CVE-2017-2118 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

CVSS 8.6 | AI score 7.1 | EPSS 0.0351
Exploits: 0

CNVD
added 2017/02/14 12:0 a.m., 3 views

Fastspot BigTree bigtree-form-builder input validation vulnerability

Fastspot BigTree is an open source content management system (CMS) based on PHP and MySQL from the United States company Fastspot. bigtree-form-builder is one of the administrators used to build and collect the front-end user input information form. Fastspot BigTree bigtree-form-builder A security...

CVSS 6.1 | AI score 6.5 | EPSS 0.00774
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2017/02/09 5:6 a.m., 2 views

Multiple cross-site scripting vulnerabilities in Webmin

Overview: Webmin contains multiple cross-site scripting vulnerabilities (CWE-79) due to issues in outputting error messages into an HTML page and the function to edit the database. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

CVSS 6.1 | AI score 6.2 | EPSS 0.01739
Exploits: 0 | References: 6

CNVD
added 2017/01/25 12:0 a.m., 3 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-01082)

Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. A cross-site scripting vulnerability exists in Cisco Unified Communications Manager that stems from a failure to validate user input. An attacker could use this vulnerability to execute arbitrary...

CVSS 6.1 | AI score 6.8 | EPSS 0.01228
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2017/01/06 5:2 a.m., 1 views

Olive Diary DX vulnerable to cross-site scripting

Overview: Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the page parameter. Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use Olive Diary DX Olive Diary DX is no longer being develop...

CVSS 6.1 | AI score 6.1 | EPSS 0.00886
Exploits: 0 | References: 5