| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. |
| Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. |
| Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. |
| Craft CMS before 2.6.2974 allows XSS attacks. |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts. |
| In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. |
| PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. |
| The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. |
| Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML. |
| The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. |
| An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. |
| ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. |
| Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. |
| Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. |
| Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. |
| PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. |
