CVEs from 2017
- Total 11,662
- critical 1,647
- high 5,041
- medium 4,168
- low 159
- % Critical 14.1%
- % with KEV 0.7%
- % with exploit 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0392 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rat… | |||
| CVE-2017-0391 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is r… | |||
| CVE-2017-0390 | medium | 5.5 | 5.5 | 10y ago | A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to … | |||
| CVE-2017-0388 | medium | 5.5 | 5.5 | 10y ago | An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is … | |||
| CVE-2017-2947 | medium | 5.5 | 5.5 | 10y ago | Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF). | |||
| CVE-2017-5217 | medium | 5.5 | 5.5 | 10y ago | Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. Th… | |||
| CVE-2017-5216 | medium | 5.5 | 5.5 | 10y ago | Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially design… | |||
| CVE-2017-14506 | medium | 5.4 | 5.4 | 4y ago | Gem in a Box vulnerable to Cross-site Scripting | |||
| CVE-2017-18004 | medium | 5.4 | 5.4 | 9y ago | Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | |||
| CVE-2017-17995 | medium | 5.4 | 5.4 | 9y ago | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | |||
| CVE-2017-17994 | medium | 5.4 | 5.4 | 9y ago | Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | |||
| CVE-2017-17993 | medium | 5.4 | 5.4 | 9y ago | Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | |||
| CVE-2017-17991 | medium | 5.4 | 5.4 | 9y ago | Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | |||
| CVE-2017-17989 | medium | 5.4 | 5.4 | 9y ago | Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | |||
| CVE-2017-17981 | medium | 5.4 | 5.4 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | |||
| CVE-2017-15892 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND… | |||
| CVE-2017-17904 | medium | 5.4 | 5.4 | 9y ago | FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. | |||
| CVE-2017-17832 | medium | 5.4 | 5.4 | 9y ago | ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, … | |||
| CVE-2017-1365 | medium | 5.4 | 5.4 | 9y ago | IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip… | |||
| CVE-2017-15312 | medium | 5.4 | 5.4 | 9y ago | Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious script… | |||
| CVE-2017-14363 | medium | 5.4 | 5.4 | 9y ago | Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scrip… | |||
| CVE-2017-0304 | medium | 5.4 | 5.4 | 9y ago | A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact t… | |||
| CVE-2017-5258 | medium | 5.4 | 5.4 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain… | |||
| CVE-2017-5257 | medium | 5.4 | 5.4 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute… | |||
| CVE-2017-5256 | medium | 5.4 | 5.4 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and tho… | |||
| CVE-2017-17745 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. | |||
| CVE-2017-1751 | medium | 5.4 | 5.4 | 9y ago | IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th… | |||
| CVE-2017-1600 | medium | 5.4 | 5.4 | 9y ago | IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-1494 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2017-1266 | medium | 5.4 | 5.4 | 9y ago | IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. | |||
| CVE-2017-12072 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id par… | |||
| CVE-2017-12630 | medium | 5.4 | 5.4 | 9y ago | Apache Drill vulnerable to Cross-site Scripting | |||
| CVE-2017-17694 | medium | 5.4 | 5.4 | 9y ago | Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. | |||
| CVE-2017-1546 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend… | |||
| CVE-2017-1683 | medium | 5.4 | 5.4 | 9y ago | IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality … | |||
| CVE-2017-1632 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia… | |||
| CVE-2017-1549 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia… | |||
| CVE-2017-1536 | medium | 5.4 | 5.4 | 9y ago | IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI th… | |||
| CVE-2017-1498 | medium | 5.4 | 5.4 | 9y ago | IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… | |||
| CVE-2017-1482 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… | |||
| CVE-2017-1465 | medium | 5.4 | 5.4 | 9y ago | IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit thi… | |||
| CVE-2017-1354 | medium | 5.4 | 5.4 | 9y ago | IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functi… | |||
| CVE-2017-17094 | medium | 5.4 | 5.4 | 9y ago | wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | |||
| CVE-2017-17093 | medium | 5.4 | 5.4 | 9y ago | wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language settin… | |||
| CVE-2017-17092 | medium | 5.4 | 5.4 | 9y ago | wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted fi… | |||
| CVE-2017-12358 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… | |||
| CVE-2017-12357 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us… | |||
| CVE-2017-12349 | medium | 5.4 | 5.4 | 9y ago | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affecte… | |||
| CVE-2017-12348 | medium | 5.4 | 5.4 | 9y ago | Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affecte… | |||
| CVE-2017-14186 | medium | 5.4 | 5.4 | 9y ago | A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or H… | |||
| CVE-2017-14379 | medium | 5.4 | 5.4 | 9y ago | EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||
| CVE-2017-1689 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… | |||
| CVE-2017-1688 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… | |||
| CVE-2017-1678 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-1650 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… | |||
| CVE-2017-1607 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… | |||
| CVE-2017-1593 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-1560 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-1461 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-15051 | medium | 5.4 | 5.4 | 9y ago | TeamPass stored cross-site scripting (XSS) vulnerability | |||
| CVE-2017-8178 | medium | 5.4 | 5.4 | 9y ago | Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to s… | |||
| CVE-2017-2713 | medium | 5.4 | 5.4 | 9y ago | HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 … | |||
| CVE-2017-7736 | medium | 5.4 | 5.4 | 9y ago | A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special cra… | |||
| CVE-2017-16919 | medium | 5.4 | 5.4 | 9y ago | MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description … | |||
| CVE-2017-16908 | medium | 5.4 | 5.4 | 9y ago | In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the … | |||
| CVE-2017-16907 | medium | 5.4 | 5.4 | 9y ago | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | |||
| CVE-2017-16906 | medium | 5.4 | 5.4 | 9y ago | In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | |||
| CVE-2017-1000227 | medium | 5.4 | 5.4 | 9y ago | Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can | |||
| CVE-2017-10886 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an atta… | |||
| CVE-2017-1000223 | medium | 5.4 | 5.4 | 9y ago | A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious Java… | |||
| CVE-2017-1000164 | medium | 5.4 | 5.4 | 9y ago | Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation | |||
| CVE-2017-1000160 | medium | 5.4 | 5.4 | 9y ago | EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection | |||
| CVE-2017-1000240 | medium | 5.4 | 5.4 | 9y ago | The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote auth… | |||
| CVE-2017-1000239 | medium | 5.4 | 5.4 | 9y ago | InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of … | |||
| CVE-2017-4930 | medium | 5.4 | 5.4 | 9y ago | VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of … | |||
| CVE-2017-5532 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Libr… | |||
| CVE-2017-16821 | medium | 5.4 | 5.4 | 9y ago | b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP… | |||
| CVE-2017-9394 | medium | 5.4 | 5.4 | 9y ago | A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. | |||
| CVE-2017-16810 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set … | |||
| CVE-2017-16802 | medium | 5.4 | 5.4 | 9y ago | In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. | |||
| CVE-2017-16801 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name paramet… | |||
| CVE-2017-16799 | medium | 5.4 | 5.4 | 9y ago | In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-… | |||
| CVE-2017-16798 | medium | 5.4 | 5.4 | 9y ago | In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attacker… | |||
| CVE-2017-16636 | medium | 5.4 | 5.4 | 9y ago | In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validatio… | |||
| CVE-2017-16635 | medium | 5.4 | 5.4 | 9y ago | In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend acce… | |||
| CVE-2017-16564 | medium | 5.4 | 5.4 | 9y ago | Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor … | |||
| CVE-2017-14359 | medium | 5.4 | 5.4 | 9y ago | A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. | |||
| CVE-2017-1000149 | medium | 5.4 | 5.4 | 9y ago | Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()) | |||
| CVE-2017-1000146 | medium | 5.4 | 5.4 | 9y ago | Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio p… | |||
| CVE-2017-1000140 | medium | 5.4 | 5.4 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to downl… | |||
| CVE-2017-1000138 | medium | 5.4 | 5.4 | 9y ago | Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title. | |||
| CVE-2017-1000137 | medium | 5.4 | 5.4 | 9y ago | Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop). | |||
| CVE-2017-12294 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is… | |||
| CVE-2017-1554 | medium | 5.4 | 5.4 | 9y ago | IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exp… | |||
| CVE-2017-1553 | medium | 5.4 | 5.4 | 9y ago | IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… | |||
| CVE-2017-1552 | medium | 5.4 | 5.4 | 9y ago | IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to cond… | |||
| CVE-2017-1290 | medium | 5.4 | 5.4 | 9y ago | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | |||
| CVE-2017-1147 | medium | 5.4 | 5.4 | 9y ago | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | |||
| CVE-2017-1001001 | medium | 5.4 | 5.4 | 9y ago | PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. | |||
| CVE-2017-15273 | medium | 5.4 | 5.4 | 9y ago | Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as ti… |