Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11727 1 Connectwise 1 Manage 2025-04-20 N/A
services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS.
CVE-2017-11744 1 Modx 1 Modx Revolution 2025-04-20 N/A
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.
CVE-2017-12978 1 Cacti 1 Cacti 2025-04-20 N/A
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
CVE-2017-12648 1 Liferay 1 Liferay Portal 2025-04-20 N/A
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
CVE-2017-12649 1 Liferay 1 Liferay Portal 2025-04-20 N/A
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
CVE-2017-7666 1 Apache 1 Openmeetings 2025-04-20 N/A
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
CVE-2017-7583 1 Ilias 1 Ilias 2025-04-20 N/A
ILIAS before 5.2.3 has XSS via SVG documents.
CVE-2017-12798 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.
CVE-2017-12812 1 Stivasoft 1 Phpjabbers Night Club Booking Software 2025-04-20 N/A
PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.
CVE-2017-12813 1 Stivasoft 1 Phpjabbers File Sharing Script 2025-04-20 N/A
PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.
CVE-2017-7554 1 Redhat 1 Mobile Application Platform 2025-04-20 N/A
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.
CVE-2017-1369 1 Ibm 1 Rational Engineering Lifecycle Manager 2025-04-20 N/A
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862.
CVE-2017-6340 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2025-04-20 N/A
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages.
CVE-2017-8376 1 Genixcms 1 Genixcms 2025-04-20 N/A
GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator.
CVE-2017-6762 1 Cisco 1 Jabber Guest 2025-04-20 N/A
A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve09718.
CVE-2017-6734 1 Cisco 1 Identity Services Engine 2025-04-20 N/A
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800).
CVE-2017-14921 1 Tine20 1 Tine 2.0 2025-04-20 N/A
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
CVE-2017-14922 1 Tine20 1 Tine 2.0 2025-04-20 N/A
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
CVE-2017-14923 1 Tine20 1 Tine 2.0 2025-04-20 N/A
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
CVE-2017-7953 1 Infor 1 Enterprise Asset Management 2025-04-20 N/A
INFOR EAM V11.0 Build 201410 has XSS via comment fields.