CVEs from 2017
- Total: 11,662
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14752 | medium | 5.4 | 5.4 | 9y ago | Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as th… | |||
| CVE-2017-3933 | medium | 5.4 | 5.4 | 9y ago | Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request fo… | |||
| CVE-2017-16230 | medium | 5.4 | 5.4 | 9y ago | In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post… | |||
| CVE-2017-15888 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2017-12460 | medium | 5.4 | 5.4 | 9y ago | An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as… | |||
| CVE-2017-15947 | medium | 5.4 | 5.4 | 9y ago | Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp. | |||
| CVE-2017-15936 | medium | 5.4 | 5.4 | 9y ago | In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed. | |||
| CVE-2017-15934 | medium | 5.4 | 5.4 | 9y ago | Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. | |||
| CVE-2017-12158 | medium | 5.4 | 5.4 | 9y ago | Keycloak Reflected XSS | |||
| CVE-2017-7335 | medium | 5.4 | 5.4 | 9y ago | A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated us… | |||
| CVE-2017-1363 | medium | 5.4 | 5.4 | 9y ago | IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2017-1169 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po… | |||
| CVE-2017-1164 | medium | 5.4 | 5.4 | 9y ago | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… | |||
| CVE-2017-1209 | medium | 5.4 | 5.4 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alter… | |||
| CVE-2017-15811 | medium | 5.4 | 5.4 | 9y ago | The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php. | |||
| CVE-2017-10425 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Service Host). Supported versions that are affected are 2.6, 2.7, 2.8 and 2.9. Easily expl… | |||
| CVE-2017-10423 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily explo… | |||
| CVE-2017-10400 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exp… | |||
| CVE-2017-10395 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: GangwayActivityWebApp). The supported version that is affected is 9.0.2.0. … | |||
| CVE-2017-10394 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitab… | |||
| CVE-2017-10367 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Engagement). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vuln… | |||
| CVE-2017-10359 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows… | |||
| CVE-2017-10340 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Easily exploitable v… | |||
| CVE-2017-10337 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vul… | |||
| CVE-2017-10304 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows… | |||
| CVE-2017-10277 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unau… | |||
| CVE-2017-10162 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability a… | |||
| CVE-2017-15538 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to th… | |||
| CVE-2017-15360 | medium | 5.4 | 5.4 | 9y ago | PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script. | |||
| CVE-2017-11820 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted … | |||
| CVE-2017-11777 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted … | |||
| CVE-2017-11775 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted … | |||
| CVE-2017-15279 | medium | 5.4 | 5.4 | 9y ago | Umbraco CMS vulnerable to stored XSS | |||
| CVE-2017-15278 | medium | 5.4 | 5.4 | 9y ago | TeamPass Cross-Site Scripting (XSS) | |||
| CVE-2017-8016 | medium | 5.4 | 5.4 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in… | |||
| CVE-2017-14370 | medium | 5.4 | 5.4 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in … | |||
| CVE-2017-14587 | medium | 5.4 | 5.4 | 9y ago | The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulner… | |||
| CVE-2017-7352 | medium | 5.4 | 5.4 | 9y ago | Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configu… | |||
| CVE-2017-15214 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (incl… | |||
| CVE-2017-15213 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/temp… | |||
| CVE-2017-15219 | medium | 5.4 | 5.4 | 9y ago | The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | |||
| CVE-2017-14973 | medium | 5.4 | 5.4 | 9y ago | IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user pag… | |||
| CVE-2017-1522 | medium | 5.4 | 5.4 | 9y ago | IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-12269 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insuff… | |||
| CVE-2017-1000103 | medium | 5.4 | 5.4 | 9y ago | Persistent XSS vulnerability in Jenkins DRY Plugin | |||
| CVE-2017-1000102 | medium | 5.4 | 5.4 | 9y ago | Persistent XSS vulnerability in Static Analysis Utilities | |||
| CVE-2017-1000088 | medium | 5.4 | 5.4 | 9y ago | Persisted XSS Vulnerability in Jenkins Sidebar Link Plugin | |||
| CVE-2017-14985 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module… | |||
| CVE-2017-14984 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /m… | |||
| CVE-2017-14981 | medium | 5.4 | 5.4 | 9y ago | Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could i… | |||
| CVE-2017-1429 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1369 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1364 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1359 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1345 | medium | 5.4 | 5.4 | 9y ago | IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… | |||
| CVE-2017-1335 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1334 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-1324 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2017-14923 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by… | |||
| CVE-2017-14922 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is m… | |||
| CVE-2017-14921 | medium | 5.4 | 5.4 | 9y ago | Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rend… | |||
| CVE-2017-14753 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to mod… | |||
| CVE-2017-1531 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… | |||
| CVE-2017-1530 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… | |||
| CVE-2017-1425 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… | |||
| CVE-2017-1424 | medium | 5.4 | 5.4 | 9y ago | IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… | |||
| CVE-2017-14725 | medium | 5.4 | 5.4 | 9y ago | Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | |||
| CVE-2017-14716 | medium | 5.4 | 5.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | |||
| CVE-2017-14715 | medium | 5.4 | 5.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | |||
| CVE-2017-14714 | medium | 5.4 | 5.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | |||
| CVE-2017-14713 | medium | 5.4 | 5.4 | 9y ago | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | |||
| CVE-2017-14321 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) cust… | |||
| CVE-2017-14621 | medium | 5.4 | 5.4 | 9y ago | Portus 2.2.0 has XSS via the Team field, related to typeahead. | |||
| CVE-2017-4926 | medium | 5.4 | 5.4 | 9y ago | VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which … | |||
| CVE-2017-1002011 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to… | |||
| CVE-2017-3165 | medium | 5.4 | 5.4 | 9y ago | Cross-site Scripting In Apache Brooklyn | |||
| CVE-2017-13724 | medium | 5.4 | 5.4 | 9y ago | On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. | |||
| CVE-2017-8745 | medium | 5.4 | 5.4 | 9y ago | An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint serv… | |||
| CVE-2017-8629 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka… | |||
| CVE-2017-7735 | medium | 5.4 | 5.4 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while c… | |||
| CVE-2017-7734 | medium | 5.4 | 5.4 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. | |||
| CVE-2017-14241 | medium | 5.4 | 5.4 | 9y ago | Dolibarr ERP and CRM contain XSS Vulnerability | |||
| CVE-2017-14239 | medium | 5.4 | 5.4 | 9y ago | Dolibarr cross-site scripting (XSS) vulnerability | |||
| CVE-2017-11611 | medium | 5.4 | 5.4 | 9y ago | Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "cr… | |||
| CVE-2017-12227 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failur… | |||
| CVE-2017-12221 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… | |||
| CVE-2017-1502 | medium | 5.4 | 5.4 | 9y ago | IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-1098 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … | |||
| CVE-2017-1449 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote att… | |||
| CVE-2017-1447 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… | |||
| CVE-2017-1444 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot… | |||
| CVE-2017-14049 | medium | 5.4 | 5.4 | 9y ago | In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. | |||
| CVE-2017-1446 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | |||
| CVE-2017-1445 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | |||
| CVE-2017-1535 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2017-1485 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2017-2256 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". | |||
| CVE-2017-2255 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". | |||
| CVE-2017-9555 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | |||
| CVE-2017-12879 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary … |