CVEs from 2017
- Total: 11,665
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12292 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12291 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-12290 | medium | 6.1 | 6.1 | 9y ago | Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) … | |||
| CVE-2017-8811 | medium | 6.1 | 6.1 | 9y ago | The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. | |||
| CVE-2017-8808 | medium | 6.1 | 6.1 | 9y ago | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | |||
| CVE-2017-12738 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected … | |||
| CVE-2017-11863 | medium | 6.1 | 6.1 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious c… | |||
| CVE-2017-16815 | medium | 6.1 | 6.1 | 9y ago | installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/… | |||
| CVE-2017-9085 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/Diagnos… | |||
| CVE-2017-7739 | medium | 6.1 | 6.1 | 9y ago | A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject… | |||
| CVE-2017-13819 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers … | |||
| CVE-2017-16785 | medium | 6.1 | 6.1 | 9y ago | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | |||
| CVE-2017-16784 | medium | 6.1 | 6.1 | 9y ago | In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | |||
| CVE-2017-16782 | medium | 6.1 | 6.1 | 9y ago | In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. | |||
| CVE-2017-16765 | medium | 6.1 | 6.1 | 9y ago | XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. | |||
| CVE-2017-16761 | medium | 6.1 | 6.1 | 9y ago | An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | |||
| CVE-2017-16760 | medium | 6.1 | 6.1 | 9y ago | Inedo BuildMaster before 5.8.2 has XSS. | |||
| CVE-2017-16792 | medium | 6.1 | 6.1 | 9y ago | Geminabox contains Cross-site Scripting | |||
| CVE-2017-16665 | medium | 6.1 | 6.1 | 9y ago | RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL. | |||
| CVE-2017-7425 | medium | 6.1 | 6.1 | 9y ago | Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. | |||
| CVE-2017-12283 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user con… | |||
| CVE-2017-12282 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to ca… | |||
| CVE-2017-14358 | medium | 6.1 | 6.1 | 9y ago | A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited r… | |||
| CVE-2017-14357 | medium | 6.1 | 6.1 | 9y ago | A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could … | |||
| CVE-2017-14373 | medium | 6.1 | 6.1 | 9y ago | EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||
| CVE-2017-7733 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redi… | |||
| CVE-2017-5085 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5069 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-1521 | medium | 6.1 | 6.1 | 9y ago | IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arb… | |||
| CVE-2017-7732 | medium | 6.1 | 6.1 | 9y ago | A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attack… | |||
| CVE-2017-15885 | medium | 6.1 | 6.1 | 9y ago | Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE:… | |||
| CVE-2017-15867 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (… | |||
| CVE-2017-15863 | medium | 6.1 | 6.1 | 9y ago | Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. | |||
| CVE-2017-15812 | medium | 6.1 | 6.1 | 9y ago | The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel. | |||
| CVE-2017-15810 | medium | 6.1 | 6.1 | 9y ago | The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php. | |||
| CVE-2017-15809 | medium | 6.1 | 6.1 | 9y ago | In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. | |||
| CVE-2017-15380 | medium | 6.1 | 6.1 | 9y ago | XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. | |||
| CVE-2017-7109 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |||
| CVE-2017-15736 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to … | |||
| CVE-2017-15648 | medium | 6.1 | 6.1 | 9y ago | In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. | |||
| CVE-2017-10406 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easil… | |||
| CVE-2017-10397 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: BaseMasterPage). The supported version that is affected is 9.0.2.0. Easily … | |||
| CVE-2017-10381 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54, 8.55 and 8.56. Easil… | |||
| CVE-2017-10368 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). Supported versions that are affected are 9.1.00 and 9.2.… | |||
| CVE-2017-10327 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable … | |||
| CVE-2017-10315 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows un… | |||
| CVE-2017-10302 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows un… | |||
| CVE-2017-10293 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows … | |||
| CVE-2017-10159 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal, CMP). Supported versions that are affected are 11.5 and 12.x. Easil… | |||
| CVE-2017-10158 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Core). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable v… | |||
| CVE-2017-10055 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). The supported version that is affected is 7.0. Easily exploitable … | |||
| CVE-2017-15612 | medium | 6.1 | 6.1 | 9y ago | mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | |||
| CVE-2017-12298 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is… | |||
| CVE-2017-12296 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability … | |||
| CVE-2017-12288 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a … | |||
| CVE-2017-12272 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface o… | |||
| CVE-2017-8024 | medium | 6.1 | 6.1 | 9y ago | EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially … | |||
| CVE-2017-15574 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. | |||
| CVE-2017-15573 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. | |||
| CVE-2017-15571 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. | |||
| CVE-2017-15570 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. | |||
| CVE-2017-15569 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an… | |||
| CVE-2017-15568 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering o… | |||
| CVE-2017-15384 | medium | 6.1 | 6.1 | 9y ago | rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. | |||
| CVE-2017-15294 | medium | 6.1 | 6.1 | 9y ago | The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. | |||
| CVE-2017-15375 | medium | 6.1 | 6.1 | 9y ago | Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` paramete… | |||
| CVE-2017-15362 | medium | 6.1 | 6.1 | 9y ago | osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as th… | |||
| CVE-2017-15305 | medium | 6.1 | 6.1 | 9y ago | XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. | |||
| CVE-2017-8017 | medium | 6.1 | 6.1 | 9y ago | EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to co… | |||
| CVE-2017-14372 | medium | 6.1 | 6.1 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary… | |||
| CVE-2017-14371 | medium | 6.1 | 6.1 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser se… | |||
| CVE-2017-14588 | medium | 6.1 | 6.1 | 9y ago | Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog par… | |||
| CVE-2017-15215 | medium | 6.1 | 6.1 | 9y ago | Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (fo… | |||
| CVE-2017-15194 | medium | 6.1 | 6.1 | 9y ago | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | |||
| CVE-2017-1503 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the s… | |||
| CVE-2017-15216 | medium | 6.1 | 6.1 | 9y ago | MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.… | |||
| CVE-2017-13994 | medium | 6.1 | 6.1 | 9y ago | A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticat… | |||
| CVE-2017-14354 | medium | 6.1 | 6.1 | 9y ago | A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site … | |||
| CVE-2017-12265 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attac… | |||
| CVE-2017-12258 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists b… | |||
| CVE-2017-12257 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface … | |||
| CVE-2017-1000109 | medium | 6.1 | 6.1 | 9y ago | Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin | |||
| CVE-2017-8047 | medium | 6.1 | 6.1 | 9y ago | In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL… | |||
| CVE-2017-15009 | medium | 6.1 | 6.1 | 9y ago | PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. | |||
| CVE-2017-14995 | medium | 6.1 | 6.1 | 9y ago | The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Da… | |||
| CVE-2017-14756 | medium | 6.1 | 6.1 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (… | |||
| CVE-2017-14755 | medium | 6.1 | 6.1 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, … | |||
| CVE-2017-12792 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) a… | |||
| CVE-2017-14957 | medium | 6.1 | 6.1 | 9y ago | Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for examp… | |||
| CVE-2017-14920 | medium | 6.1 | 6.1 | 9y ago | eGroupware Community Edition Stored XSS vulnerability | |||
| CVE-2017-14352 | medium | 6.1 | 6.1 | 9y ago | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow … | |||
| CVE-2017-13986 | medium | 6.1 | 6.1 | 9y ago | A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a speci… | |||
| CVE-2017-7554 | medium | 6.1 | 6.1 | 9y ago | It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using Ap… | |||
| CVE-2017-11479 | medium | 6.1 | 6.1 | 9y ago | Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of… | |||
| CVE-2017-10701 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | |||
| CVE-2017-1591 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-14622 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page… | |||
| CVE-2017-14525 | medium | 6.1 | 6.1 | 9y ago | Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the st… | |||
| CVE-2017-14524 | medium | 6.1 | 6.1 | 9y ago | Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in… | |||
| CVE-2017-14765 | medium | 6.1 | 6.1 | 9y ago | GeniXCMS Cross-site Scripting (XSS) via the Menu ID field | |||