CVEs from 2017
- Total: 11,662
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%

Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000006 | medium | 6.1 | 6.1 | 9y ago | Cross Site Scripting (XSS) in plotly.js | |||
| CVE-2017-1000005 | medium | 6.1 | 6.1 | 9y ago | PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). | |||
| CVE-2017-11202 | medium | 6.1 | 6.1 | 9y ago | FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017… | |||
| CVE-2017-11198 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or nam… | |||
| CVE-2017-11195 | medium | 6.1 | 6.1 | 9y ago | Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags… | |||
| CVE-2017-11194 | medium | 6.1 | 6.1 | 9y ago | Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and i… | |||
| CVE-2017-1321 | medium | 6.1 | 6.1 | 9y ago | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-7678 | medium | 6.1 | 6.1 | 9y ago | Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 | |||
| CVE-2017-11180 | medium | 6.1 | 6.1 | 9y ago | FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login scre… | |||
| CVE-2017-11179 | medium | 6.1 | 6.1 | 9y ago | FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. | |||
| CVE-2017-8621 | medium | 6.1 | 6.1 | 9y ago | Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft… | |||
| CVE-2017-8560 | medium | 6.1 | 6.1 | 9y ago | Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlo… | |||
| CVE-2017-8559 | medium | 6.1 | 6.1 | 9y ago | Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlo… | |||
| CVE-2017-16833 | medium | 6.1 | 6.1 | 9y ago | Gemirro Stored XSS in Gemspec "homepage" value | |||
| CVE-2017-6733 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS… | |||
| CVE-2017-1398 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a vic… | |||
| CVE-2017-11107 | medium | 6.1 | 6.1 | 9y ago | phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. | |||
| CVE-2017-10991 | medium | 6.1 | 6.1 | 9y ago | The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. | |||
| CVE-2017-2243 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2224 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2222 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2217 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2017-2216 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2194 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2172 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-5002 | medium | 6.1 | 6.1 | 9y ago | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrar… | |||
| CVE-2017-10967 | medium | 6.1 | 6.1 | 9y ago | In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters. | |||
| CVE-2017-10975 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification an… | |||
| CVE-2017-1256 | medium | 6.1 | 6.1 | 9y ago | IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2017-1217 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2017-7276 | medium | 6.1 | 6.1 | 9y ago | There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019. | |||
| CVE-2017-9313 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter … | |||
| CVE-2017-7316 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. | |||
| CVE-2017-6725 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… | |||
| CVE-2017-6724 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… | |||
| CVE-2017-6722 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legi… | |||
| CVE-2017-6702 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affe… | |||
| CVE-2017-6701 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) atta… | |||
| CVE-2017-6700 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a D… | |||
| CVE-2017-6699 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a r… | |||
| CVE-2017-10798 | medium | 6.1 | 6.1 | 9y ago | In ObjectPlanet Opinio before 7.6.4, there is XSS. | |||
| CVE-2017-10795 | medium | 6.1 | 6.1 | 9y ago | Subrion Cross-site scripting (XSS) vulnerability | |||
| CVE-2017-6018 | medium | 6.1 | 6.1 | 9y ago | An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713… | |||
| CVE-2017-10673 | medium | 6.1 | 6.1 | 9y ago | admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | |||
| CVE-2017-10667 | medium | 6.1 | 6.1 | 9y ago | In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. | |||
| CVE-2017-9145 | medium | 6.1 | 6.1 | 9y ago | TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. | |||
| CVE-2017-7416 | medium | 6.1 | 6.1 | 9y ago | ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. | |||
| CVE-2017-9356 | medium | 6.1 | 6.1 | 9y ago | Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI. | |||
| CVE-2017-6053 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within t… | |||
| CVE-2017-9781 | medium | 6.1 | 6.1 | 9y ago | A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username pa… | |||
| CVE-2017-9668 | medium | 6.1 | 6.1 | 9y ago | In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | |||
| CVE-2017-8451 | medium | 6.1 | 6.1 | 9y ago | With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | |||
| CVE-2017-9419 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | |||
| CVE-2017-8551 | medium | 6.1 | 6.1 | 9y ago | An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". | |||
| CVE-2017-9624 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. | |||
| CVE-2017-9623 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. | |||
| CVE-2017-9622 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. | |||
| CVE-2017-9621 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script o… | |||
| CVE-2017-9464 | medium | 6.1 | 6.1 | 9y ago | An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identificatio… | |||
| CVE-2017-6675 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected … | |||
| CVE-2017-6670 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect is… | |||
| CVE-2017-6661 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to … | |||
| CVE-2017-4967 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x v… | |||
| CVE-2017-4965 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x v… | |||
| CVE-2017-7665 | medium | 6.1 | 6.1 | 9y ago | Cross-site Scripting in Apache NiFi | |||
| CVE-2017-5003 | medium | 6.1 | 6.1 | 9y ago | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… | |||
| CVE-2017-2187 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-9523 | medium | 6.1 | 6.1 | 9y ago | The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | |||
| CVE-2017-1178 | medium | 6.1 | 6.1 | 9y ago | IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… | |||
| CVE-2017-9451 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized… | |||
| CVE-2017-8920 | medium | 6.1 | 6.1 | 9y ago | irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. | |||
| CVE-2017-9332 | medium | 6.1 | 6.1 | 9y ago | The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | |||
| CVE-2017-9420 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. | |||
| CVE-2017-8440 | medium | 6.1 | 6.1 | 9y ago | Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions … | |||
| CVE-2017-8439 | medium | 6.1 | 6.1 | 9y ago | Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. | |||
| CVE-2017-9361 | medium | 6.1 | 6.1 | 9y ago | WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | |||
| CVE-2017-7384 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter. | |||
| CVE-2017-3127 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | |||
| CVE-2017-9337 | medium | 6.1 | 6.1 | 9y ago | The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post. | |||
| CVE-2017-9336 | medium | 6.1 | 6.1 | 9y ago | The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. | |||
| CVE-2017-9306 | medium | 6.1 | 6.1 | 9y ago | inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. | |||
| CVE-2017-9305 | medium | 6.1 | 6.1 | 9y ago | lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newslet… | |||
| CVE-2017-2307 | medium | 6.1 | 6.1 | 9y ago | A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or pe… | |||
| CVE-2017-9303 | medium | 6.1 | 6.1 | 9y ago | Laravel does not properly constrain the host portion of a password-reset URL | |||
| CVE-2017-9299 | medium | 6.1 | 6.1 | 9y ago | Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because… | |||
| CVE-2017-9297 | medium | 6.1 | 6.1 | 9y ago | Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. | |||
| CVE-2017-9296 | medium | 6.1 | 6.1 | 9y ago | Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. | |||
| CVE-2017-9292 | medium | 6.1 | 6.1 | 9y ago | Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. | |||
| CVE-2017-9289 | medium | 6.1 | 6.1 | 9y ago | Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter). | |||
| CVE-2017-9288 | medium | 6.1 | 6.1 | 9y ago | The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). | |||
| CVE-2017-9252 | medium | 6.1 | 6.1 | 9y ago | andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action. | |||
| CVE-2017-9251 | medium | 6.1 | 6.1 | 9y ago | andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php. | |||
| CVE-2017-9243 | medium | 6.1 | 6.1 | 9y ago | Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. | |||
| CVE-2017-7296 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a… | |||
| CVE-2017-7343 | medium | 6.1 | 6.1 | 9y ago | An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||
| CVE-2017-7339 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add R… | |||
| CVE-2017-3129 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb … | |||
| CVE-2017-3126 | medium | 6.1 | 6.1 | 9y ago | An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | |||
| CVE-2017-1325 | medium | 6.1 | 6.1 | 9y ago | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2017-9037 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3… |