Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14372 1 Rsa 1 Archer Grc Platform 2025-04-20 N/A
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
CVE-2017-14373 1 Emc 1 Rsa Authentication Manager 2025-04-20 N/A
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-14374 1 Dell 1 Storage Manager 2025-04-20 N/A
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance).
CVE-2017-14379 1 Emc 1 Rsa Authentication Manager 2025-04-20 N/A
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-11436 1 Dlink 1 Dir-615 2025-04-20 9.8 Critical
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.
CVE-2017-1168 1 Ibm 1 Rational Engineering Lifecycle Manager 2025-04-20 N/A
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187.
CVE-2017-14426 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.
CVE-2017-14428 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 7.8 High
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
CVE-2017-1443 1 Ibm 1 Emptoris Services Procurement 2025-04-20 N/A
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109.
CVE-2017-1445 1 Ibm 1 Emptoris Spend Analysis 2025-04-20 N/A
IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170.
CVE-2017-1447 1 Ibm 1 Emptoris Sourcing 2025-04-20 N/A
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172.
CVE-2017-14619 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
CVE-2017-3132 1 Fortinet 1 Fortios 2025-04-20 N/A
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
CVE-2017-14597 1 Afterlogic 2 Aurora, Webmail 2025-04-20 N/A
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
CVE-2017-14618 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
CVE-2017-1461 1 Ibm 1 Rational Doors Next Generation 2025-04-20 N/A
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460.
CVE-2017-11677 1 Hashtopus Project 1 Hashtopus 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.
CVE-2017-1465 1 Ibm 1 Tririga Application Platform 2025-04-20 N/A
IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464.
CVE-2017-14752 1 Mahara 1 Mahara 2025-04-20 N/A
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
CVE-2017-14755 1 Opentext 1 Document Sciences Xpression 2025-04-20 N/A
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.