Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-4396

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-05 Sep, 2012 | 23:00
Updated At-17 Sep, 2024 | 03:14
Rejected At-
Credits

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:05 Sep, 2012 | 23:00
Updated At:17 Sep, 2024 | 03:14
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254
x_refsource_CONFIRM
https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438
x_refsource_CONFIRM
https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7
x_refsource_CONFIRM
https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2012/08/11/1
mailing-list
x_refsource_MLIST
https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2012/09/02/2
mailing-list
x_refsource_MLIST
https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5
x_refsource_CONFIRM
https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c
x_refsource_CONFIRM
https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb
x_refsource_CONFIRM
https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027
x_refsource_CONFIRM
Hyperlink: https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2012/08/11/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2012/09/02/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254
x_refsource_CONFIRM
x_transferred
https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438
x_refsource_CONFIRM
x_transferred
https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7
x_refsource_CONFIRM
x_transferred
https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2012/08/11/1
mailing-list
x_refsource_MLIST
x_transferred
https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2012/09/02/2
mailing-list
x_refsource_MLIST
x_transferred
https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5
x_refsource_CONFIRM
x_transferred
https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c
x_refsource_CONFIRM
x_transferred
https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb
x_refsource_CONFIRM
x_transferred
https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/08/11/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/09/02/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:05 Sep, 2012 | 23:55
Updated At:11 Apr, 2025 | 00:51

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
ownCloud GmbH
owncloud
>>owncloud>>Versions up to 4.0.1(inclusive)
cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
ownCloud GmbH
owncloud
>>owncloud_server>>3.0.0
cpe:2.3:a:owncloud:owncloud_server:3.0.0:*:*:*:*:*:*:*
ownCloud GmbH
owncloud
>>owncloud_server>>3.0.1
cpe:2.3:a:owncloud:owncloud_server:3.0.1:*:*:*:*:*:*:*
ownCloud GmbH
owncloud
>>owncloud_server>>3.0.2
cpe:2.3:a:owncloud:owncloud_server:3.0.2:*:*:*:*:*:*:*
ownCloud GmbH
owncloud
>>owncloud_server>>3.0.3
cpe:2.3:a:owncloud:owncloud_server:3.0.3:*:*:*:*:*:*:*
ownCloud GmbH
owncloud
>>owncloud_server>>4.0.0
cpe:2.3:a:owncloud:owncloud_server:4.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2012/08/11/1secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/09/02/2secalert@redhat.com
N/A
https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027secalert@redhat.com
Exploit
Patch
https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5secalert@redhat.com
Patch
https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7secalert@redhat.com
Exploit
Patch
https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438secalert@redhat.com
Exploit
Patch
https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96csecalert@redhat.com
Exploit
Patch
https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606secalert@redhat.com
Exploit
Patch
https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48secalert@redhat.com
Exploit
Patch
https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254secalert@redhat.com
Exploit
Patch
https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bbsecalert@redhat.com
Exploit
Patch
http://www.openwall.com/lists/oss-security/2012/08/11/1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/09/02/2af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96caf854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bbaf854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2012/08/11/1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/09/02/2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2012/08/11/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/09/02/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch

Change History

0
Information is not available yet

Similar CVEs

12258Records found
CVE-2013-5588
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.22%
||
7 Day CHG~0.00%
Published-29 Aug, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.

Action-Not Available
Vendor-n/aopenSUSEThe Cacti Group, Inc.
Product-cactiopensusen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8139
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.91%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-hedex_liteHedEx Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5151
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.91%
||
7 Day CHG~0.00%
Published-19 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7427
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 42.50%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iManager - Multiple Reflected Cross-Site Scripting attacks

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins.

Action-Not Available
Vendor-netiqNetIQ
Product-identity_managerIdentity Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.58%
||
7 Day CHG~0.00%
Published-16 Aug, 2013 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-juralsulekn/aTYPO3 Association
Product-typo3realurlmanagementn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7430
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.1||MEDIUM
EPSS-0.66% / 70.23%
||
7 Day CHG~0.00%
Published-03 May, 2017 | 05:13
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.

Action-Not Available
Vendor-netiqn/aNovell
Product-imanagerNovell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.58% / 67.88%
||
7 Day CHG~0.00%
Published-07 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ILIAS before 5.2.3 has XSS via SVG documents.

Action-Not Available
Vendor-iliasn/a
Product-iliasn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7896
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.35% / 56.99%
||
7 Day CHG~0.00%
Published-18 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-interscan_messaging_security_virtual_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7421
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 38.13%
||
7 Day CHG~0.00%
Published-21 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.

Action-Not Available
Vendor-Micro Focus International Limited
Product-directory_serverenterprise_serverenterprise_developerenterprise_server_monitor_and_controlMicro Focus Enterprise Developer, Micro Focus Enterprise Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5702
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.43%
||
7 Day CHG~0.00%
Published-19 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Action-Not Available
Vendor-n/aWatchGuard Technologies, Inc.
Product-firewarewatchguard_system_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-8.89% / 92.20%
||
7 Day CHG~0.00%
Published-01 Apr, 2017 | 01:07
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Action-Not Available
Vendor-magmi_projectn/a
Product-magmin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 46.13%
||
7 Day CHG~0.00%
Published-01 Apr, 2017 | 01:07
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Action-Not Available
Vendor-wallaceitn/a
Product-wallaceposn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7288
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.51% / 65.29%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSynacor, Inc.
Product-zimbra_collaboration_suiten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45085
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.08%
||
7 Day CHG~0.00%
Published-16 Dec, 2021 | 02:19
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.

Action-Not Available
Vendor-n/aThe GNOME ProjectDebian GNU/Linux
Product-epiphanydebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7591
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 45.23%
||
7 Day CHG~0.00%
Published-09 Apr, 2017 | 01:32
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/.

Action-Not Available
Vendor-openidm_projectn/a
Product-openidmn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7340
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 20:55
Updated-25 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiportalFortinet FortiPortal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8044
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 41.98%
||
7 Day CHG~0.00%
Published-27 Nov, 2017 | 10:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-single_sign-on_for_pivotal_cloud_foundrySingle Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7632
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.21%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 21:00
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML.

Action-Not Available
Vendor-n/aQNAP Systems, Inc.
Product-qtsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.54%
||
7 Day CHG~0.00%
Published-23 Aug, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-axel_jungn/aTYPO3 Association
Product-typo3js_css_optimizern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4891
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 49.80%
||
7 Day CHG~0.00%
Published-21 Feb, 2018 | 16:00
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag.

Action-Not Available
Vendor-codeignitern/a
Product-codeignitern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.95%
||
7 Day CHG~0.00%
Published-01 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter.

Action-Not Available
Vendor-flipbuildern/a
Product-flip_pdfn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-5136
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.20%
||
7 Day CHG~0.00%
Published-02 Sep, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Action-Not Available
Vendor-iiin/a
Product-sierran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4814
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 69.21%
||
7 Day CHG~0.00%
Published-23 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-xp_9000_command_viewn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-6248
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-13 Jan, 2019 | 00:00
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php.

Action-Not Available
Vendor-citysearch_\/_hotfrog_\/_gelbeseiten_clone_script_projectn/a
Product-citysearch_\/_hotfrog_\/_gelbeseiten_clone_scriptn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44791
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.1||MEDIUM
EPSS-8.29% / 91.90%
||
7 Day CHG~0.00%
Published-07 Jul, 2022 | 18:35
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS on certain HTTP endpoints

In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.

Action-Not Available
Vendor-The Apache Software Foundation
Product-druidApache Druid
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8127
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 32.32%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-umaUMA
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.62%
||
7 Day CHG~0.00%
Published-26 Jul, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Action-Not Available
Vendor-n/aMoodle Pty LtdYahoo Inc.
Product-yuimoodlen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7437
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.6||MEDIUM
EPSS-0.18% / 40.08%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 16:00
Updated-16 Sep, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross site scripting attacks against NetIQ Privileged Account Manager

NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests.

Action-Not Available
Vendor-netiqNetIQ
Product-privileged_account_managerPrivileged Account Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 46.13%
||
7 Day CHG~0.00%
Published-01 Apr, 2017 | 01:07
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Action-Not Available
Vendor-openeclassn/a
Product-openeclassn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2180
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.56%
||
7 Day CHG~0.00%
Published-29 Jun, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in dereferer.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_link parameter.

Action-Not Available
Vendor-reallysimplechatn/a
Product-really_simple_chatn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7316
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.65%
||
7 Day CHG~0.00%
Published-04 Jul, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page.

Action-Not Available
Vendor-humaxdigitaln/a
Product-hg100r_firmwarehg100rn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7409
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.06%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 02:11
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-pan-osn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7579
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 52.90%
||
7 Day CHG~0.00%
Published-07 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.

Action-Not Available
Vendor-n/aThorsten Rinne (phpMyFAQ)
Product-phpmyfaqn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46251
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 22:13
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

Action-Not Available
Vendor-scratchoauth2_projectn/a
Product-scratchoauth2n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-6204
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.71%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ossafariSafariiOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5442
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 49.87%
||
7 Day CHG~0.00%
Published-13 Nov, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_network_protection_firmwaresecurity_network_protection_xgs_5100n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-5938
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 49.14%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:25
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.

Action-Not Available
Vendor-Cybozu, Inc.
Product-garoonCybozu Garoon
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7425
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.6||HIGH
EPSS-0.49% / 64.58%
||
7 Day CHG~0.00%
Published-06 Nov, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Reflected XSS in iManager

Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.

Action-Not Available
Vendor-netiqNetIQ Corporation
Product-imanagerNetIQ iManager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7855
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.55% / 66.78%
||
7 Day CHG~0.00%
Published-31 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.

Action-Not Available
Vendor-icewarpn/a
Product-servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7871
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-14 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).

Action-Not Available
Vendor-tdm_projectn/a
Product-tdmn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.49% / 64.38%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 19:58
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs.

Action-Not Available
Vendor-coins-globaln/a
Product-coins_construction_cloudn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7984
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.83%
||
7 Day CHG~0.00%
Published-25 Apr, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.60% / 85.03%
||
7 Day CHG~0.00%
Published-31 Dec, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

Action-Not Available
Vendor-n/aJenkins
Product-jenkinsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-20669
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.14% / 34.95%
||
7 Day CHG-0.07%
Published-27 May, 2022 | 14:05
Updated-06 Nov, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-common_services_platform_collectorCisco Common Services Platform Collector Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4815
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.43%
||
7 Day CHG~0.00%
Published-20 Sep, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aMicro Focus International Limited
Product-arcsight_enterprise_security_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45813
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 14:42
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft.

Action-Not Available
Vendor-slicann/a
Product-webctin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7992
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 45.98%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter.

Action-Not Available
Vendor-heartland_payment_systemsn/a
Product-heartland-phpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5519
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.18%
||
7 Day CHG~0.00%
Published-03 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-wireless_lan_controllern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7419
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-4.6||MEDIUM
EPSS-0.18% / 40.08%
||
7 Day CHG~0.00%
Published-02 Mar, 2018 | 20:00
Updated-16 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NetIQ Access Manager OAuth Consent screen XSS attack

A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.

Action-Not Available
Vendor-netiqNetIQ
Product-access_managerAccess Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2400
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.82% / 73.50%
||
7 Day CHG~0.00%
Published-29 Jul, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-sitescopen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 245
  • 246
  • Next
Details not found