CVEs from 2017
- Total: 11,613
- Critical: 1,650
- High: 5,043
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8551 | medium | 6.1 | 6.1 | 9y ago | An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". | |||
| CVE-2017-9624 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. | |||
| CVE-2017-9623 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. | |||
| CVE-2017-9622 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. | |||
| CVE-2017-9621 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script o… | |||
| CVE-2017-9464 | medium | 6.1 | 6.1 | 9y ago | An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identificatio… | |||
| CVE-2017-6675 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected … | |||
| CVE-2017-6670 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect is… | |||
| CVE-2017-6661 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to … | |||
| CVE-2017-4967 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x v… | |||
| CVE-2017-4965 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x v… | |||
| CVE-2017-7665 | medium | 6.1 | 6.1 | 9y ago | Cross-site Scripting in Apache NiFi | |||
| CVE-2017-5003 | medium | 6.1 | 6.1 | 9y ago | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) v… | |||
| CVE-2017-2187 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-9523 | medium | 6.1 | 6.1 | 9y ago | The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | |||
| CVE-2017-1178 | medium | 6.1 | 6.1 | 9y ago | IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… | |||
| CVE-2017-9451 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized… | |||
| CVE-2017-8920 | medium | 6.1 | 6.1 | 9y ago | irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. | |||
| CVE-2017-9332 | medium | 6.1 | 6.1 | 9y ago | The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | |||
| CVE-2017-9420 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. | |||
| CVE-2017-8440 | medium | 6.1 | 6.1 | 9y ago | Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions … | |||
| CVE-2017-8439 | medium | 6.1 | 6.1 | 9y ago | Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. | |||
| CVE-2017-9361 | medium | 6.1 | 6.1 | 9y ago | WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | |||
| CVE-2017-7384 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter. | |||
| CVE-2017-3127 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | |||
| CVE-2017-9337 | medium | 6.1 | 6.1 | 9y ago | The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post. | |||
| CVE-2017-9336 | medium | 6.1 | 6.1 | 9y ago | The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. | |||
| CVE-2017-9306 | medium | 6.1 | 6.1 | 9y ago | inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. | |||
| CVE-2017-9305 | medium | 6.1 | 6.1 | 9y ago | lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newslet… | |||
| CVE-2017-2307 | medium | 6.1 | 6.1 | 9y ago | A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or pe… | |||
| CVE-2017-9303 | medium | 6.1 | 6.1 | 9y ago | Laravel does not properly constrain the host portion of a password-reset URL | |||
| CVE-2017-9299 | medium | 6.1 | 6.1 | 9y ago | Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because… | |||
| CVE-2017-9297 | medium | 6.1 | 6.1 | 9y ago | Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. | |||
| CVE-2017-9296 | medium | 6.1 | 6.1 | 9y ago | Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. | |||
| CVE-2017-9292 | medium | 6.1 | 6.1 | 9y ago | Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. | |||
| CVE-2017-9289 | medium | 6.1 | 6.1 | 9y ago | Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter). | |||
| CVE-2017-9288 | medium | 6.1 | 6.1 | 9y ago | The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). | |||
| CVE-2017-9252 | medium | 6.1 | 6.1 | 9y ago | andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action. | |||
| CVE-2017-9251 | medium | 6.1 | 6.1 | 9y ago | andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php. | |||
| CVE-2017-9243 | medium | 6.1 | 6.1 | 9y ago | Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. | |||
| CVE-2017-7296 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a… | |||
| CVE-2017-7343 | medium | 6.1 | 6.1 | 9y ago | An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||
| CVE-2017-7339 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add R… | |||
| CVE-2017-3129 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb … | |||
| CVE-2017-3126 | medium | 6.1 | 6.1 | 9y ago | An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | |||
| CVE-2017-1325 | medium | 6.1 | 6.1 | 9y ago | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2017-9037 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3… | |||
| CVE-2017-9032 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLas… | |||
| CVE-2017-5868 | medium | 6.1 | 6.1 | 9y ago | CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibl… | |||
| CVE-2017-7288 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2174 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2171 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form t… | |||
| CVE-2017-2169 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2168 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web sc… | |||
| CVE-2017-9140 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers … | |||
| CVE-2017-2549 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2497 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger vi… | |||
| CVE-2017-6654 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)… | |||
| CVE-2017-9072 | medium | 6.1 | 6.1 | 9y ago | Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in… | |||
| CVE-2017-9068 | medium | 6.1 | 6.1 | 9y ago | MODX Revolution Reflected XSS | |||
| CVE-2017-9063 | medium | 6.1 | 6.1 | 9y ago | In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | |||
| CVE-2017-9061 | medium | 6.1 | 6.1 | 9y ago | In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filen… | |||
| CVE-2017-4011 | medium | 6.1 | 6.1 | 9y ago | Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of th… | |||
| CVE-2017-2164 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-8897 | medium | 6.1 | 6.1 | 9y ago | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF… | |||
| CVE-2017-8892 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | |||
| CVE-2017-3894 | medium | 6.1 | 6.1 | 9y ago | A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions… | |||
| CVE-2017-7887 | medium | 6.1 | 6.1 | 9y ago | Dolibarr ERP and CRM contain XSS Vulnerability | |||
| CVE-2017-8876 | medium | 6.1 | 6.1 | 9y ago | Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. | |||
| CVE-2017-8833 | medium | 6.1 | 6.1 | 9y ago | Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest… | |||
| CVE-2017-8832 | medium | 6.1 | 6.1 | 9y ago | Allen Disk 1.6 has XSS in the id parameter to downfile.php. | |||
| CVE-2017-8801 | medium | 6.1 | 6.1 | 9y ago | Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. | |||
| CVE-2017-8795 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter. | |||
| CVE-2017-8792 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. | |||
| CVE-2017-8791 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. | |||
| CVE-2017-8788 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. | |||
| CVE-2017-8760 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop spe… | |||
| CVE-2017-8304 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. | |||
| CVE-2017-8778 | medium | 6.1 | 6.1 | 9y ago | GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | |||
| CVE-2017-8763 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a… | |||
| CVE-2017-7430 | medium | 6.1 | 6.1 | 9y ago | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. | |||
| CVE-2017-8384 | medium | 6.1 | 6.1 | 9y ago | Craft CMS XSS Vulnerability | |||
| CVE-2017-2151 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2147 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2136 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | |||
| CVE-2017-2135 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2134 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2124 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php. | |||
| CVE-2017-2123 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. | |||
| CVE-2017-2118 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-2111 | medium | 6.1 | 6.1 | 9y ago | HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earl… | |||
| CVE-2017-2106 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-3008 | medium | 6.1 | 6.1 | 9y ago | Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability. | |||
| CVE-2017-3161 | medium | 6.1 | 6.1 | 9y ago | Improper Neutralization of Input During Web Page Generation in Apache Hadoop | |||
| CVE-2017-7987 | medium | 6.1 | 6.1 | 9y ago | In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. | |||
| CVE-2017-7986 | medium | 6.1 | 6.1 | 9y ago | In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. | |||
| CVE-2017-7985 | medium | 6.1 | 6.1 | 9y ago | In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | |||
| CVE-2017-7984 | medium | 6.1 | 6.1 | 9y ago | In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. | |||
| CVE-2017-5045 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3579 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1… |