CVEs from 2017
Total
11,664
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7271 | medium | 6.1 | 6.1 | 9y ago | Yii Framework Reflected XSS | |||
| CVE-2017-6067 | medium | 6.1 | 6.1 | 9y ago | Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | |||
| CVE-2017-6003 | medium | 6.1 | 6.1 | 9y ago | dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | |||
| CVE-2017-2645 | medium | 6.1 | 6.1 | 9y ago | Moodle XSS in attachments to evidence of prior learning | |||
| CVE-2017-2644 | medium | 6.1 | 6.1 | 9y ago | Moodle XSS Vulnerability | |||
| CVE-2017-7266 | medium | 6.1 | 6.1 | 9y ago | Netflix Security Monkey Open Redirect vulnerability | |||
| CVE-2017-7251 | medium | 6.1 | 6.1 | 9y ago | Pi Cross-site Scripting vulnerability | |||
| CVE-2017-7250 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections… | |||
| CVE-2017-7249 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazell… | |||
| CVE-2017-7248 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/b… | |||
| CVE-2017-7247 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazell… | |||
| CVE-2017-7242 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.… | |||
| CVE-2017-5673 | medium | 6.1 | 6.1 | 9y ago | In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default… | |||
| CVE-2017-7222 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' i… | |||
| CVE-2017-7215 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4… | |||
| CVE-2017-7205 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data (a) passed to the "GamePanelX-V3-master/ajax/ajax.ph… | |||
| CVE-2017-7204 | medium | 6.1 | 6.1 | 9y ago | imdbphp Cross-Site Scripting (XSS) | |||
| CVE-2017-7203 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-maste… | |||
| CVE-2017-7202 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cen… | |||
| CVE-2017-3872 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS a… | |||
| CVE-2017-3868 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-ba… | |||
| CVE-2017-3866 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web int… | |||
| CVE-2017-6958 | medium | 6.1 | 6.1 | 9y ago | An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by cr… | |||
| CVE-2017-0110 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microso… | |||
| CVE-2017-0107 | medium | 6.1 | 6.1 | 9y ago | Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability." | |||
| CVE-2017-0055 | medium | 6.1 | 6.1 | 9y ago | Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, a… | |||
| CVE-2017-0017 | medium | 6.1 | 6.1 | 9y ago | The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge… | |||
| CVE-2017-5938 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2017-6909 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "shimmie2-master/ext/chatbox/history/index.php" URL. An … | |||
| CVE-2017-6908 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/se… | |||
| CVE-2017-6907 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data (content) passed to the "Open.GL-master/index.php" URL. An attacker… | |||
| CVE-2017-6906 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in SiberianCMS before 4.10.0. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "SiberianCMS-master/errors/500.php" URL. An a… | |||
| CVE-2017-6905 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/too… | |||
| CVE-2017-6877 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script. | |||
| CVE-2017-6807 | medium | 6.1 | 6.1 | 9y ago | mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site… | |||
| CVE-2017-5621 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using ei… | |||
| CVE-2017-5620 | medium | 6.1 | 6.1 | 9y ago | An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of exe… | |||
| CVE-2017-6820 | medium | 6.1 | 6.1 | 9y ago | rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. | |||
| CVE-2017-6818 | medium | 6.1 | 6.1 | 9y ago | In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. | |||
| CVE-2017-6815 | medium | 6.1 | 6.1 | 9y ago | In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | |||
| CVE-2017-6812 | medium | 6.1 | 6.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter). | |||
| CVE-2017-6811 | medium | 6.1 | 6.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter). | |||
| CVE-2017-6810 | medium | 6.1 | 6.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter). | |||
| CVE-2017-6809 | medium | 6.1 | 6.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter). | |||
| CVE-2017-6808 | medium | 6.1 | 6.1 | 9y ago | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter). | |||
| CVE-2017-6799 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. | |||
| CVE-2017-6797 | medium | 6.1 | 6.1 | 9y ago | A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' par… | |||
| CVE-2017-6591 | medium | 6.1 | 6.1 | 9y ago | There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field. | |||
| CVE-2017-6589 | medium | 6.1 | 6.1 | 9y ago | EpicEditor XSS Vulnerability | |||
| CVE-2017-6562 | medium | 6.1 | 6.1 | 9y ago | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. | |||
| CVE-2017-6561 | medium | 6.1 | 6.1 | 9y ago | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. | |||
| CVE-2017-6560 | medium | 6.1 | 6.1 | 9y ago | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. | |||
| CVE-2017-6559 | medium | 6.1 | 6.1 | 9y ago | XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. | |||
| CVE-2017-6544 | medium | 6.1 | 6.1 | 9y ago | Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter). | |||
| CVE-2017-6541 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagete… | |||
| CVE-2017-6540 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (configs) passed to the webpagetest-maste… | |||
| CVE-2017-6539 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagete… | |||
| CVE-2017-6538 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (video) passed to the webpagetest-master/www/speedi… | |||
| CVE-2017-6537 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/vide… | |||
| CVE-2017-6536 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (url, pssid) passed to the webpagetest-ma… | |||
| CVE-2017-6535 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetes… | |||
| CVE-2017-6534 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (pssid) passed to the webpagetest-master/www/pss.ph… | |||
| CVE-2017-6533 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/be… | |||
| CVE-2017-6518 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter. | |||
| CVE-2017-6511 | medium | 6.1 | 6.1 | 9y ago | andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. | |||
| CVE-2017-6509 | medium | 6.1 | 6.1 | 9y ago | Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter). | |||
| CVE-2017-6508 | medium | 6.1 | 6.1 | 9y ago | CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | |||
| CVE-2017-5197 | medium | 6.1 | 6.1 | 9y ago | Silverstripe CMS XSS Vulnerability | |||
| CVE-2017-6504 | medium | 6.1 | 6.1 | 9y ago | WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. | |||
| CVE-2017-6503 | medium | 6.1 | 6.1 | 9y ago | WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | |||
| CVE-2017-6446 | medium | 6.1 | 6.1 | 9y ago | XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. | |||
| CVE-2017-6491 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to… | |||
| CVE-2017-6490 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name,… | |||
| CVE-2017-6489 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to th… | |||
| CVE-2017-6488 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-mas… | |||
| CVE-2017-6487 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to th… | |||
| CVE-2017-6486 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-mast… | |||
| CVE-2017-6485 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calend… | |||
| CVE-2017-6484 | medium | 6.1 | 6.1 | 9y ago | INTER-Mediator Cross-Site Scripting (XSS) | |||
| CVE-2017-6483 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes… | |||
| CVE-2017-6481 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/… | |||
| CVE-2017-6480 | medium | 6.1 | 6.1 | 9y ago | groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter). | |||
| CVE-2017-6479 | medium | 6.1 | 6.1 | 9y ago | FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter). | |||
| CVE-2017-5833 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via un… | |||
| CVE-2017-5616 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. | |||
| CVE-2017-5615 | medium | 6.1 | 6.1 | 9y ago | cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. | |||
| CVE-2017-5614 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure … | |||
| CVE-2017-5571 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License S… | |||
| CVE-2017-6103 | medium | 6.1 | 6.1 | 9y ago | Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. | |||
| CVE-2017-6102 | medium | 6.1 | 6.1 | 9y ago | Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. | |||
| CVE-2017-6397 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An a… | |||
| CVE-2017-6396 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An … | |||
| CVE-2017-6395 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execut… | |||
| CVE-2017-6394 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the "openemr-master… | |||
| CVE-2017-6393 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An att… | |||
| CVE-2017-6392 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWP… | |||
| CVE-2017-6391 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, t… | |||
| CVE-2017-6390 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-mast… | |||
| CVE-2017-6099 | medium | 6.1 | 6.1 | 9y ago | PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability | |||
| CVE-2017-3845 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a u… |