CVEs from 2017
- Total 11,651
- critical 1,647
- high 5,041
- medium 4,168
- low 159
- % Critical 14.1%
- % with KEV 0.7%
- % with exploit 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9510 | medium | 5.4 | 5.4 | 9y ago | The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the s… | |||
| CVE-2017-9509 | medium | 5.4 | 5.4 | 9y ago | The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the ch… | |||
| CVE-2017-9508 | medium | 5.4 | 5.4 | 9y ago | Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name … | |||
| CVE-2017-9507 | medium | 5.4 | 5.4 | 9y ago | The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabili… | |||
| CVE-2017-7422 | medium | 5.4 | 5.4 | 9y ago | Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 be… | |||
| CVE-2017-12978 | medium | 5.4 | 5.4 | 9y ago | lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. | |||
| CVE-2017-12882 | medium | 5.4 | 5.4 | 9y ago | Spring Batch Admin vulnerable to Stored Cross-site scripting (XSS) in the file upload functionality | |||
| CVE-2017-12591 | medium | 5.4 | 5.4 | 9y ago | ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | |||
| CVE-2017-1338 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-6782 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The … | |||
| CVE-2017-9655 | medium | 5.4 | 5.4 | 9y ago | A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before… | |||
| CVE-2017-9556 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the titl… | |||
| CVE-2017-1431 | medium | 5.4 | 5.4 | 9y ago | IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali… | |||
| CVE-2017-1168 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the … | |||
| CVE-2017-1448 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-craf… | |||
| CVE-2017-8654 | medium | 5.4 | 5.4 | 9y ago | Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, … | |||
| CVE-2017-8650 | medium | 5.4 | 5.4 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Fea… | |||
| CVE-2017-10230 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: SilverWhere). The supported version that is affected is 8.0.75. Easil… | |||
| CVE-2017-10229 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: Event Viewer). The supported version that is affected is 7.30.562. Easi… | |||
| CVE-2017-10228 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: Module). The supported version that is affected is 8.0.… | |||
| CVE-2017-10223 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily e… | |||
| CVE-2017-10222 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Eas… | |||
| CVE-2017-10142 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Mobile Apps). Supported versions that are affected are 8.5.1 and 9.0.0. Eas… | |||
| CVE-2017-10134 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eProcurement). The supported version that is affected is 9.2. Easily exploitable vulnerability a… | |||
| CVE-2017-10098 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-10094 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10073 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.… | |||
| CVE-2017-10072 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1… | |||
| CVE-2017-10057 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Discussion Forum). The supported version that is affected is 9.1.0. Easily explo… | |||
| CVE-2017-10044 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easil… | |||
| CVE-2017-10032 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Access Control List). Supported versions that are affected are 6.3.4.1, 6.3.5.1, 6… | |||
| CVE-2017-10027 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Homepage & Navigation). Supported versions that are affected are 8.54 and 8.55. Eas… | |||
| CVE-2017-10012 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 1… | |||
| CVE-2017-10002 | medium | 5.4 | 5.4 | 9y ago | Vulnerability in the Oracle Hospitality Inventory Management component of Oracle Hospitality Applications (subcomponent: Settings and Config). Supported versions that are affected are 8.5.1 and 9.0.0… | |||
| CVE-2017-6871 | medium | 5.4 | 5.4 | 9y ago | A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attack… | |||
| CVE-2017-6769 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) atta… | |||
| CVE-2017-6764 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ag… | |||
| CVE-2017-1331 | medium | 5.4 | 5.4 | 9y ago | IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality … | |||
| CVE-2017-1199 | medium | 5.4 | 5.4 | 9y ago | IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… | |||
| CVE-2017-12066 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer hea… | |||
| CVE-2017-1496 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | |||
| CVE-2017-11725 | medium | 5.4 | 5.4 | 9y ago | The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | |||
| CVE-2017-11647 | medium | 5.4 | 5.4 | 9y ago | NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in su… | |||
| CVE-2017-11691 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | |||
| CVE-2017-6749 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against… | |||
| CVE-2017-1380 | medium | 5.4 | 5.4 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… | |||
| CVE-2017-1287 | medium | 5.4 | 5.4 | 9y ago | IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker c… | |||
| CVE-2017-1249 | medium | 5.4 | 5.4 | 9y ago | IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… | |||
| CVE-2017-1245 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in… | |||
| CVE-2017-11594 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new threa… | |||
| CVE-2017-1372 | medium | 5.4 | 5.4 | 9y ago | IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | |||
| CVE-2017-11441 | medium | 5.4 | 5.4 | 9y ago | The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka… | |||
| CVE-2017-11439 | medium | 5.4 | 5.4 | 9y ago | In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. | |||
| CVE-2017-5247 | medium | 5.4 | 5.4 | 9y ago | Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that c… | |||
| CVE-2017-9609 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | |||
| CVE-2017-9338 | medium | 5.4 | 5.4 | 9y ago | Inadequate escaping leads to an XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to… | |||
| CVE-2017-11128 | medium | 5.4 | 5.4 | 9y ago | Bolt stored Cross-site Scripting (XSS) | |||
| CVE-2017-11127 | medium | 5.4 | 5.4 | 9y ago | Bolt CMS Stored XSS | |||
| CVE-2017-8005 | medium | 5.4 | 5.4 | 9y ago | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle… | |||
| CVE-2017-2339 | medium | 5.4 | 5.4 | 9y ago | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript… | |||
| CVE-2017-2338 | medium | 5.4 | 5.4 | 9y ago | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript… | |||
| CVE-2017-2337 | medium | 5.4 | 5.4 | 9y ago | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript… | |||
| CVE-2017-2336 | medium | 5.4 | 5.4 | 9y ago | A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content… | |||
| CVE-2017-2335 | medium | 5.4 | 5.4 | 9y ago | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript… | |||
| CVE-2017-1000023 | medium | 5.4 | 5.4 | 9y ago | LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. | |||
| CVE-2017-11201 | medium | 5.4 | 5.4 | 9y ago | application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action. | |||
| CVE-2017-11182 | medium | 5.4 | 5.4 | 9y ago | In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | |||
| CVE-2017-11181 | medium | 5.4 | 5.4 | 9y ago | In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. | |||
| CVE-2017-6734 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack aga… | |||
| CVE-2017-11163 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, r… | |||
| CVE-2017-2145 | medium | 5.4 | 5.4 | 9y ago | Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. | |||
| CVE-2017-2144 | medium | 5.4 | 5.4 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page. | |||
| CVE-2017-10970 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error fun… | |||
| CVE-2017-1096 | medium | 5.4 | 5.4 | 9y ago | IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | |||
| CVE-2017-1208 | medium | 5.4 | 5.4 | 9y ago | IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functi… | |||
| CVE-2017-1113 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… | |||
| CVE-2017-6717 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… | |||
| CVE-2017-6716 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of th… | |||
| CVE-2017-6715 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… | |||
| CVE-2017-6698 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiali… | |||
| CVE-2017-6605 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack a… | |||
| CVE-2017-1106 | medium | 5.4 | 5.4 | 9y ago | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2017-5241 | medium | 5.4 | 5.4 | 9y ago | Biscom Secure File Transfer versions 5.0.0.0 through 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well… | |||
| CVE-2017-1234 | medium | 5.4 | 5.4 | 9y ago | IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2017-1348 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… | |||
| CVE-2017-1132 | medium | 5.4 | 5.4 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun… | |||
| CVE-2017-3948 | medium | 5.4 | 5.4 | 9y ago | Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecti… | |||
| CVE-2017-9674 | medium | 5.4 | 5.4 | 9y ago | In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. | |||
| CVE-2017-9613 | medium | 5.4 | 5.4 | 9y ago | Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. | |||
| CVE-2017-8530 | medium | 5.4 | 5.4 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not p… | |||
| CVE-2017-8514 | medium | 5.4 | 5.4 | 9y ago | An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability". | |||
| CVE-2017-1104 | medium | 5.4 | 5.4 | 9y ago | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… | |||
| CVE-2017-1102 | medium | 5.4 | 5.4 | 9y ago | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… | |||
| CVE-2017-1101 | medium | 5.4 | 5.4 | 9y ago | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… | |||
| CVE-2017-1100 | medium | 5.4 | 5.4 | 9y ago | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function… | |||
| CVE-2017-1278 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web brow… | |||
| CVE-2017-1276 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-1247 | medium | 5.4 | 5.4 | 9y ago | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-9548 | medium | 5.4 | 5.4 | 9y ago | admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Pa… | |||
| CVE-2017-9547 | medium | 5.4 | 5.4 | 9y ago | admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and… |