| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp. |
| XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. |
| In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter. |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 2000152. |
| EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection |
| Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter. |
| REDCap before 7.5.1 has XSS via the query string. |
| FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. |
| In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. |
| Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user. |
| nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection |
| Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. |
| In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters. |
| PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. |
| ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. |
| PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. |
| An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API. |
