Risk
Topic
Date
Author
Low
WordPress Smart Marketing SMS And Newsletters Forms 1.1.1 XSS
06.12.2017
Ricardo Sanchez
Low
WordPress WP Mailster 1.5.4.0 Cross Site Scripting
06.12.2017
Ricardo Sanchez
Low
WordPress Z-URL Preview 1.6.1 Cross Site Scripting
06.12.2017
Ricardo Sanchez
Low
WordPress 3rd-Party Inject Results 0.2 Cross Site Scripting
06.12.2017
Ricardo Sanchez
Low
Jenkins stored cross-site scripting vulnerability
05.12.2017
Daniel Beck
Low
FortiGate SSL VPN Portal 5.x Cross Site Scripting
04.12.2017
Stefan Viehböck
High
OpenEMR 5.0.0 Command Injection / Cross Site Scripting
04.12.2017
Jasveer
Low
Mist Server v2.12 Unauthenticated Persistent XSS
01.12.2017
hyp3rlinx
Low
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting
01.12.2017
Himanshu Mehta
Low
CMS Made Simple 2.1.6 Cross Site Scripting / Template Injection
29.11.2017
Ziyahan Albeniz
Low
CommuniGatePro 6.1.16 Cross Site Scripting
26.11.2017
Boumediene KADDOUR
Low
earth.google.com cross site scripting
25.11.2017
Hosein)root
Low
WordPress Breezing Forms 1.2.7.42 Cross Site Scripting
22.11.2017
Ricardo Sanchez
Low
MyTy 5.1.7 Cross Site Scripting
22.11.2017
Nicolas Heiniger
Low
WordPress Emag Marketplace Connector 1.0 Cross Site Scripting
21.11.2017
Ricardo Sanchez
Low
WordPress Advanced Post Type Ratings 1.1 Cross Site Scripting
21.11.2017
Ricardo Sanchez
Low
MyBB 1.8.13 Cross-Site Scripting
21.11.2017
Pablo Sacristan
Low
wp-sms "page" Parameter Cross Site Scripting
21.11.2017
Ali Alizadeh Asl
Med.
Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution
17.11.2017
SEC Consult
Low
TP-Link TL-WR740N Cross-Site Scripting
17.11.2017
bl00dy
Low
LanSweeper 6.0.100.75 Cross-Site Scripting
17.11.2017
Miguel Mendez Z
Low
Vonage VDV23 Cross-Site Scripting
17.11.2017
Nu11By73
Low
CA Identity Governance 12.6 Cross Site Scripting
16.11.2017
Kevin Kotas
Low
WordPress DFD Reddcoin Tips 1.1.1 Cross Site Scripting
15.11.2017
Ricardo Sanchez
Low
Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting
15.11.2017
Gjoko 'LiquidWorm' Krs...
Low
Kirby CMS < 2.5.7 Cross-Site Scripting
15.11.2017
Ishaq Mohammed
Low
WordPress Affiliate Ads For Clickbank Products 1.3 XSS
15.11.2017
Ricardo Sanchez
Low
WordPress AMP Toolbox 1.9.4 Cross Site Scripting
15.11.2017
Ricardo Sanchez
Low
WordPress Boozang 1.0.0 Cross Site Scripting
14.11.2017
Ricardo Sanchez
Low
KirbyCMS Cross Site Scripting
14.11.2017
Ishaq Mohammed
Low
Monstra CMS 3.0.4 Cross Site Scripting
14.11.2017
Ashiyane Digital secur...
Low
WordPress Cartogiraffe Map 1.0 Cross Site Scripting
14.11.2017
Ricardo Sanchez
Low
WordPress Appointments 2.2.2.2 Cross Site Scripting
14.11.2017
Ricardo Sanchez
Low
Vtwo cms Cross Site Scripting(Reflected) vulnerability
13.11.2017
IRANIAN ETHICAL HACKER...
Low
HindSoft Technology Cross Site Scripting
11.11.2017
SonnySpooks
Low
WordPress Secure HTML5 Video Player 3.14 Cross Site Scripting
10.11.2017
Ricardo Sanchez
Low
WordPress Ultimate Instagram Feed 1.2 Cross Site Scripting
09.11.2017
OmarK
Low
WordPress Duplicator Migration 1.2.28 Cross Site Scripting
07.11.2017
Ricardo Sanchez
Med.
CMS Poweres by Oyabunstyle.de SQL Injection
06.11.2017
Bl4ck M4n
Low
web2Project cms Cross Site Scripting
06.11.2017
Ashiyane Digital Secur...
Low
WordPress User Login History 1.5.2 Cross Site Scripting
01.11.2017
Nicolas Buzy-Debat
Low
phpMyFAQ 2.9.8 Stored XSS Vulnerability
31.10.2017
Nikhil Mittal
Low
Oracle FCDB <= 10.5 Cross Site Scripting Vulnerability
28.10.2017
Ajay Gowtham
Low
PHP iCalendar Cross Site Scripting (XSS)
27.10.2017
SonnySpooks
High
BMC Remedy LFI / RFI / XSS / Code Execution
23.10.2017
Simon Rawet
Low
viban cms Cross Site Scripting vulnerability
23.10.2017
IRANIAN ETHICAL HACKER...
Low
TP-LINK TL-MR3220 Vulnerability Xss
21.10.2017
FireShell
Low
Loxblog cross-site scripting Vulnerability
20.10.2017
Milad Ahmadi
High
Afian AB FileRun 2017.03.18 CSRF / Shell Upload / XSS / Redirection
18.10.2017
SEC Consult
Med.
Linksys E Series CSRF / XSS / Denial Of Service / Header Injection
18.10.2017
SEC Consult
High
Webmin 1.850 SSRF / CSRF / Cross Site Scripting / Command Execution
18.10.2017
hyp3rlinx
Low
MJM Usm Cross Site Scripting
18.10.2017
ArashHC
Low
nuevoMailer v.4.00 Cross-Site Scripting Vulnerability
17.10.2017
P4kL0nc4t
Low
WordPress Influencer Marketing And Press Release System 2.2 XSS
17.10.2017
Ricardo Sanchez
Low
Webtrekk Pixel Tracking Cross Site Scripting
17.10.2017
SEC Consult
Med.
E-Sic Software livre CMS 1.0 Cross Site Scripting / SQL Injection
16.10.2017
Elber Tavares
Low
DreamBox BouquetEditor 2.0.0 Cross Site Scripting
13.10.2017
Thiago "THX" Sena
Low
WordPress Pootle Button 1.1.1 Cross Site Scripting
13.10.2017
Ricardo Sanchez
Low
WordPress PopCash.Net Publisher Code Integration 1.0 Cross Site Scripting
12.10.2017
Ricardo Sanchez
Low
OctoberCMS 1.0.425 Cross Site Scripting
12.10.2017
Ishaq Mohammed
Low
WordPress WP-Contact-Widgets 1.4.1 Cross Site Scripting
12.10.2017
Boumediene KADDOUR
Low
WordPress TR Easy Google Analytics 1.0.0 Cross Site Scripting
11.10.2017
Ricardo Sanchez
Low
Lansweeper 6.0.0.63 Cross Site Scripting
08.10.2017
Multiple
Low
EPESI 1.8.2 Revision 20170830 Cross Site Scripting
05.10.2017
Zeeshan Shaikh
Low
SmarterStats 11.3.6347 Cross Site Scripting
02.10.2017
David Hoyt
Med.
WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting
28.09.2017
Tom Adams
Low
Sitefinity CMS 9.2 Cross-Site Scripting
26.09.2017
Pralhad Chaskar
Med.
Kaltura 13.1.0 Code Execution / Cross Site Scripting
25.09.2017
Robin Verton
Low
CMS TMBA Co Cross Site Scripting
22.09.2017
Mostafa.Akbarzadeh
Low
WordPress 2kb Amazon Affiliates Store 2.1.0 Cross Site Scripting
21.09.2017
Ricardo Sanchez
Low
SUSE/Portus 2.2 Cross Site Scripting
19.09.2017
rsanchezr
Low
SilverStrip CMS 3.5.3 Cross Site Scripting
15.09.2017
Anonymous
Low
Divar Cross Site Scripting
12.09.2017
ArashHC
High
D-Link 850L XSS Backdoor and Code Execution
10.09.2017
Pierre Kim
Low
WordPress Training Membership 1.0.8 Cross Site Scripting
10.09.2017
8bitsec
Low
CMS Showcase 1.0 Cross Site Scripting
10.09.2017
Felipe "Renzi" Gabriel
Med.
EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure
10.09.2017
James Hemmings
Low
IWEBSOUL CMS - Multiple Cross Site Scripting Vulnerabilities
08.09.2017
Renzi
Low
Wordpress cool-flickr-slideshow Plugin Cross Site Scripting(xss)
07.09.2017
Ashiyane Digital Secur...
Low
Wordpress Contact Form 7 International Sms Integration Plugin Cross Site Scripting
07.09.2017
Ashiyane Digital Secur...
Low
Subrion Cms Cross Site Scripting (XSS)
07.09.2017
Ashiyane Digital Secur...
Low
WordPress Plugin Participants Database < 1.7.5.10 Cross-Site Scripting
05.09.2017
Benjamin Lim
Low
MISP 2.4.79 Cross Site Scripting
30.08.2017
Deloitte Zero Day
Low
Eleanor CMS v0.9 Stored Cross Site Scripting
24.08.2017
Iran Cyber Security Gr...
Med.
Progress Sitefinity 9.1 XSS / Session Management / Open Redirect
23.08.2017
SEC Consult
Med.
Backdrop CMS 1.7.1 Cross Site Scripting
23.08.2017
Manuel Garcia Cardenas
High
QuantaStor Software Defined Storage < 4.3.1 Multiple Vulnerabilities
18.08.2017
Nahuel D. Sanchez, VVV...
Low
Quali CloudShell 7.1.0.6508 (Patch 6) Persistent Cross Site Scripting
14.08.2017
Benjamin Lee
Low
WordPress PressForward 4.3.0 Cross Site Scripting
11.08.2017
Neven Biruski
Low
CMS Made Simple - Reflected Cross-Site Scripting
08.08.2017
Renzi
Low
WordPress GamePlan Event And Gym Fitness Theme 1.5.13.2 Cross Site Scripting
06.08.2017
Kushal Jaisingh
Low
Axis 2100 Network Camera 2.43 Cross Site Scripting
04.08.2017
Nassim Asrir
Low
Technicolor TC7337 Cross Site Scripting
03.08.2017
Geolado Giolado
Low
TYPO3 Formhandler 2.4.0 Cross Site Scripting
01.08.2017
RedTeam
Med.
Flash Slideshow Maker Professional XSS / Content Forgery / Redirect
01.08.2017
ret2eax
Low
FortiOS <= 5.6.0 Multiple XSS Vulnerabilities
28.07.2017
Patryk Bogdan
Low
WordPress FormCraft Form Builder 3.2.31 Cross Site Scripting
26.07.2017
8bitsec
Low
WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting
26.07.2017
8bitsec
Low
WebMotionUK CMS Reflected Cross site scripting(xss) Vulnerability
26.07.2017
Ashiyane Digital Secur...
High
WebKit JSC JSObject::putInlineSlow & JSValue::putToPrimitive XSS
25.07.2017
lokihardt


CVEMAP Search Results

CVE
Details
Description
2017-11-30
Low
CVE-2017-12346

Vendor: Cisco
Software: Data center ...
 

 
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.

 
Low
CVE-2017-12347

Vendor: Cisco
Software: Data center ...
 

 
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.

 
Low
CVE-2017-12348

Vendor: Cisco
Software: Unified comp...
 

 
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.

 
Low
CVE-2017-12349

Vendor: Cisco
Software: Unified comp...
 

 
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986.

 
Low
CVE-2017-12356

Vendor: Cisco
Software: Jabber
 

 
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf50378, CSCvg56018.

 
Low
CVE-2017-12357

Vendor: Cisco
Software: Unified comm...
 

 
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346.

 
Low
CVE-2017-12358

Vendor: Cisco
Software: Jabber
 

 
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088.

 
Low
CVE-2017-12366

Vendor: Cisco
Software: Webex meetin...
 

 
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635, CSCvg52440.

 
2017-11-27
Low
CVE-2017-16956

Vendor: Symphony project
Software: Symphony
 

 
b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.

 
Low
CVE-2017-15051

Vendor: Teampass
Software: Teampass
 

 
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS'ed.

 

 


Copyright 2017, cxsecurity.com

 
