CVEs from 2017
- Total: 11,665
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6899 | medium | 6.2 | 6.2 | 9y ago | The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM device… | |||
| CVE-2017-2330 | medium | 6.2 | 6.2 | 9y ago | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, … | |||
| CVE-2017-2329 | medium | 6.2 | 6.2 | 9y ago | An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certa… | |||
| CVE-2017-5137 | medium | 6.2 | 6.2 | 9y ago | An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. | |||
| CVE-2017-7233 | medium | 6.1 | 6.1 | 8y ago | Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``dj… | |||
| CVE-2017-18006 | medium | 6.1 | 6.1 | 9y ago | netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. | |||
| CVE-2017-12813 | medium | 6.1 | 6.1 | 9y ago | PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | |||
| CVE-2017-12812 | medium | 6.1 | 6.1 | 9y ago | PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | |||
| CVE-2017-12811 | medium | 6.1 | 6.1 | 9y ago | PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | |||
| CVE-2017-12810 | medium | 6.1 | 6.1 | 9y ago | PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | |||
| CVE-2017-17971 | medium | 6.1 | 6.1 | 9y ago | Dolibarr ERP and CRM contain XSS Vulnerability | |||
| CVE-2017-17933 | medium | 6.1 | 6.1 | 9y ago | cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. | |||
| CVE-2017-16876 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape t… | |||
| CVE-2017-17958 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. | |||
| CVE-2017-17956 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. | |||
| CVE-2017-17955 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. | |||
| CVE-2017-17954 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | |||
| CVE-2017-17953 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | |||
| CVE-2017-17949 | medium | 6.1 | 6.1 | 9y ago | Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. | |||
| CVE-2017-17948 | medium | 6.1 | 6.1 | 9y ago | Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. | |||
| CVE-2017-17937 | medium | 6.1 | 6.1 | 9y ago | Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | |||
| CVE-2017-17911 | medium | 6.1 | 6.1 | 9y ago | packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. | |||
| CVE-2017-17907 | medium | 6.1 | 6.1 | 9y ago | PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. | |||
| CVE-2017-17896 | medium | 6.1 | 6.1 | 9y ago | Readymade Job Site Script has XSS via the keyword parameter to the /job URI. | |||
| CVE-2017-17893 | medium | 6.1 | 6.1 | 9y ago | Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. | |||
| CVE-2017-17869 | medium | 6.1 | 6.1 | 9y ago | The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. | |||
| CVE-2017-17868 | medium | 6.1 | 6.1 | 9y ago | In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | |||
| CVE-2017-17859 | medium | 6.1 | 6.1 | 9y ago | Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside X… | |||
| CVE-2017-17826 | medium | 6.1 | 6.1 | 9y ago | The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can e… | |||
| CVE-2017-1262 | medium | 6.1 | 6.1 | 9y ago | IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split respo… | |||
| CVE-2017-4940 | medium | 6.1 | 6.1 | 9y ago | The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-sit… | |||
| CVE-2017-17792 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. | |||
| CVE-2017-17780 | medium | 6.1 | 6.1 | 9y ago | The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following Wo… | |||
| CVE-2017-17775 | medium | 6.1 | 6.1 | 9y ago | Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. | |||
| CVE-2017-17753 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (… | |||
| CVE-2017-17744 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advanceds… | |||
| CVE-2017-17719 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to inclu… | |||
| CVE-2017-16950 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||
| CVE-2017-17714 | medium | 6.1 | 6.1 | 9y ago | Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /regi… | |||
| CVE-2017-14134 | medium | 6.1 | 6.1 | 9y ago | A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bou… | |||
| CVE-2017-14093 | medium | 6.1 | 6.1 | 9y ago | The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. | |||
| CVE-2017-17698 | medium | 6.1 | 6.1 | 9y ago | Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. | |||
| CVE-2017-1558 | medium | 6.1 | 6.1 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remot… | |||
| CVE-2017-1421 | medium | 6.1 | 6.1 | 9y ago | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred… | |||
| CVE-2017-17569 | medium | 6.1 | 6.1 | 9y ago | Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. | |||
| CVE-2017-16685 | medium | 6.1 | 6.1 | 9y ago | Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs. | |||
| CVE-2017-16681 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. | |||
| CVE-2017-16679 | medium | 6.1 | 6.1 | 9y ago | URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45… | |||
| CVE-2017-16723 | medium | 6.1 | 6.1 | 9y ago | A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SER… | |||
| CVE-2017-11507 | medium | 6.1 | 6.1 | 9y ago | A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScrip… | |||
| CVE-2017-3109 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. | |||
| CVE-2017-11296 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | |||
| CVE-2017-11290 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect adminis… | |||
| CVE-2017-11289 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||
| CVE-2017-11288 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||
| CVE-2017-11287 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | |||
| CVE-2017-11482 | medium | 6.1 | 6.1 | 9y ago | The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an a… | |||
| CVE-2017-11481 | medium | 6.1 | 6.1 | 9y ago | Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions… | |||
| CVE-2017-10896 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Buffalo BBR-4HG and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspe… | |||
| CVE-2017-14386 | medium | 6.1 | 6.1 | 9y ago | The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vuln… | |||
| CVE-2017-17451 | medium | 6.1 | 6.1 | 9y ago | The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. | |||
| CVE-2017-17431 | medium | 6.1 | 6.1 | 9y ago | GeniXCMS XSS Vulnerability | |||
| CVE-2017-16856 | medium | 6.1 | 6.1 | 9y ago | The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties… | |||
| CVE-2017-16721 | medium | 6.1 | 6.1 | 9y ago | A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code. | |||
| CVE-2017-17057 | medium | 6.1 | 6.1 | 9y ago | There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Pe… | |||
| CVE-2017-17096 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. | |||
| CVE-2017-14516 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | |||
| CVE-2017-3105 | medium | 6.1 | 6.1 | 9y ago | Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. | |||
| CVE-2017-3104 | medium | 6.1 | 6.1 | 9y ago | Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. | |||
| CVE-2017-11285 | medium | 6.1 | 6.1 | 9y ago | Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||
| CVE-2017-12366 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is… | |||
| CVE-2017-12356 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack… | |||
| CVE-2017-12347 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicio… | |||
| CVE-2017-12346 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicio… | |||
| CVE-2017-12344 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicio… | |||
| CVE-2017-14197 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins. | |||
| CVE-2017-17059 | medium | 6.1 | 6.1 | 9y ago | XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. | |||
| CVE-2017-17043 | medium | 6.1 | 6.1 | 9y ago | The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filt… | |||
| CVE-2017-15100 | medium | 6.1 | 6.1 | 9y ago | An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends… | |||
| CVE-2017-8044 | medium | 6.1 | 6.1 | 9y ago | In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading… | |||
| CVE-2017-16956 | medium | 6.1 | 6.1 | 9y ago | b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. | |||
| CVE-2017-8182 | medium | 6.1 | 6.1 | 9y ago | MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has an out-of-bound read vulnerability. An attacker tricks a user in… | |||
| CVE-2017-8139 | medium | 6.1 | 6.1 | 9y ago | HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to int… | |||
| CVE-2017-8127 | medium | 6.1 | 6.1 | 9y ago | The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. | |||
| CVE-2017-8125 | medium | 6.1 | 6.1 | 9y ago | The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch X… | |||
| CVE-2017-16904 | medium | 6.1 | 6.1 | 9y ago | The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator. | |||
| CVE-2017-16881 | medium | 6.1 | 6.1 | 9y ago | b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor… | |||
| CVE-2017-14077 | medium | 6.1 | 6.1 | 9y ago | Securimage HTML Injection | |||
| CVE-2017-16880 | medium | 6.1 | 6.1 | 9y ago | filp whoops Cross-site Scripting vulnerability | |||
| CVE-2017-1000163 | medium | 6.1 | 6.1 | 9y ago | Phoenix Arbitrary URL Redirect | |||
| CVE-2017-4929 | medium | 6.1 | 6.1 | 9y ago | VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. | |||
| CVE-2017-1000225 | medium | 6.1 | 6.1 | 9y ago | Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can | |||
| CVE-2017-1000188 | medium | 6.1 | 6.1 | 9y ago | nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection | |||
| CVE-2017-1000193 | medium | 6.1 | 6.1 | 9y ago | October CMS XSS | |||
| CVE-2017-16866 | medium | 6.1 | 6.1 | 9y ago | dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. | |||
| CVE-2017-12323 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12322 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12321 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12320 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12304 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack… |