Total
39863 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-13668 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | ||||
| CVE-2017-13073 | 1 Qnap | 1 Photo Station | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2017-13072 | 1 Qnap | 1 Qts | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. | ||||
| CVE-2017-12885 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | ||||
| CVE-2017-12788 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter. | ||||
| CVE-2017-12614 | 1 Apache | 1 Airflow | 2024-11-21 | N/A |
| It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above. | ||||
| CVE-2017-12590 | 1 Asus | 2 Rt-n14uhp, Rt-n14uhp Firmware | 2024-11-21 | N/A |
| ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter. | ||||
| CVE-2017-12544 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2024-11-21 | N/A |
| A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||||
| CVE-2017-12175 | 1 Redhat | 2 Satellite, Satellite Capsule | 2024-11-21 | N/A |
| Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality. | ||||
| CVE-2017-12098 | 1 Rails Admin Project | 1 Rails Admin | 2024-11-21 | 6.1 Medium |
| An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | ||||
| CVE-2017-12097 | 1 Delayed Job Web Project | 1 Delayed Job Web | 2024-11-21 | 6.1 Medium |
| An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | ||||
| CVE-2017-11739 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | N/A |
| In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a "Utility Widget" that contains malicious JavaScript code, aka XSS. | ||||
| CVE-2017-11650 | 1 Draytek | 2 Vigorap 910c, Vigorap 910c Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp. | ||||
| CVE-2017-11560 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application. | ||||
| CVE-2017-11175 | 1 Siemens | 1 Fin Stack | 2024-11-21 | 6.1 Medium |
| In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login. | ||||
| CVE-2017-1002201 | 2 Debian, Haml | 2 Debian Linux, Haml | 2024-11-21 | 6.1 Medium |
| In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code. | ||||
| CVE-2017-1002152 | 1 Redhat | 1 Bodhi | 2024-11-21 | 6.1 Medium |
| Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. | ||||
| CVE-2017-1000510 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code. | ||||
| CVE-2017-1000509 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A |
| Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. | ||||
| CVE-2017-1000508 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | N/A |
| Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later. | ||||