Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-14370

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-11 Oct, 2017 | 19:00
Updated At-05 Aug, 2024 | 19:27
Rejected At-
Credits

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:11 Oct, 2017 | 19:00
Updated At:05 Aug, 2024 | 19:27
Rejected At:
▼CVE Numbering Authority (CNA)

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

Affected Products
Vendor
n/a
Product
RSA Archer GRC Platform versions prior to 6.2.0.5
Versions
Affected
  • RSA Archer GRC Platform versions prior to 6.2.0.5
Problem Types
TypeCWE IDDescription
textN/AStored Cross Site Scripting
Type: text
CWE ID: N/A
Description: Stored Cross Site Scripting
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1039518
vdb-entry
x_refsource_SECTRACK
http://seclists.org/fulldisclosure/2017/Oct/12
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1039518
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://seclists.org/fulldisclosure/2017/Oct/12
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1039518
vdb-entry
x_refsource_SECTRACK
x_transferred
http://seclists.org/fulldisclosure/2017/Oct/12
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039518
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2017/Oct/12
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:11 Oct, 2017 | 19:29
Updated At:20 Apr, 2025 | 01:37

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.4MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
RSA Security LLC
rsa
>>archer_grc_platform>>Versions up to 6.2.0.4(inclusive)
cpe:2.3:a:rsa:archer_grc_platform:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2017/Oct/12security_alert@emc.com
Mailing List
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039518security_alert@emc.com
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Oct/12af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039518af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2017/Oct/12
Source: security_alert@emc.com
Resource:
Mailing List
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039518
Source: security_alert@emc.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://seclists.org/fulldisclosure/2017/Oct/12
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039518
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

6361Records found
CVE-2017-7736
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.35%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortinet FortiWeb
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-0275
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.85% / 73.89%
||
7 Day CHG~0.00%
Published-17 Jan, 2007 | 02:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.

Action-Not Available
Vendor-n/aOracle Corporation
Product-collaboration_suitee-business_suiteapplication_serverdatabase_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-4.26% / 88.36%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 15:25
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.

Action-Not Available
Vendor-vehicle_service_management_system_projectn/a
Product-vehicle_service_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45674
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.2||LOW
EPSS-0.46% / 62.93%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:24
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80rax15r8000rax75r7000rax80_firmwarer7900r7900_firmwarer7000_firmwarerax15_firmwarerax20rax200rax75_firmwarerax20_firmwarer8000_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 52.48%
||
7 Day CHG~0.00%
Published-31 Oct, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.

Action-Not Available
Vendor-n/aMahara
Product-maharan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45668
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.26%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:25
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-eax80ex7500rax80rax15rax75ex3800_firmwarer8000pex3700rax50ex7500_firmwarer7960prax45r8000p_firmwareeax80_firmwarerax200rax20rax20_firmwareex6130r7900prax200_firmwareeax20_firmwareex6130_firmwarerax80_firmwareeax20ex3800r7960p_firmwarerax15_firmwareex3700_firmwarerax75_firmwareex6120rax50_firmwarerax45_firmwarer7900p_firmwareex6120_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45676
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.26%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:23
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80rax15rax15_firmwarerax20rax200rax75_firmwarerax75rax80_firmwarerax20_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6864
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-29 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.

Action-Not Available
Vendor-n/aSiemens AG
Product-ruggedcom_rox_iRUGGEDCOM ROX I All versions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5001
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.18% / 40.45%
||
7 Day CHG~0.00%
Published-30 Jul, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2114
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.8||MEDIUM
EPSS-0.19% / 41.71%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 10:36
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting

The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

Action-Not Available
Vendor-supsysticUnknown
Product-data_tables_generatorData Tables Generator by Supsystic
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5390
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.19% / 40.80%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_extreme_scalen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5402
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.18% / 39.92%
||
7 Day CHG~0.00%
Published-18 Dec, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_for_life_sciencesmaximo_for_governmentsmartcloud_control_deskmaximo_asset_management_essentialsmaximo_for_nuclear_powerchange_and_configuration_management_databasetivoli_service_request_managermaximo_for_transportationmaximo_for_oil_and_gasmaximo_asset_managementtivoli_asset_management_for_itmaximo_for_utilitiesn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6717
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.85%
||
7 Day CHG~0.00%
Published-04 Jul, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46071
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-4.26% / 88.36%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 15:27
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.

Action-Not Available
Vendor-vehicle_service_management_system_projectn/a
Product-vehicle_service_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6817
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-2.61% / 85.05%
||
7 Day CHG~0.00%
Published-12 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46070
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.75% / 72.20%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 15:29
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.

Action-Not Available
Vendor-vehicle_service_management_system_projectn/a
Product-vehicle_service_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-5471
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.54%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 17:47
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.47% / 63.49%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 22:32
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.

Action-Not Available
Vendor-n/aOpenWrt
Product-openwrtn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46025
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.23%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 22:54
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8. via the add function in the operation tab list in the background.

Action-Not Available
Vendor-oneblog_projectn/a
Product-oneblogn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6973
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.62% / 69.24%
||
7 Day CHG~0.00%
Published-31 Mar, 2017 | 04:26
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.

Action-Not Available
Vendor-n/aMantis Bug Tracker (MantisBT)
Product-mantisbtn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6764
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 50.77%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd82064.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-adaptive_security_appliance_softwareCisco Adaptive Security Appliance
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7256
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.97%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6618
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.36% / 57.57%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-integrated_management_controller_supervisorCisco Integrated Management Controller
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4995
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.21% / 43.36%
||
7 Day CHG~0.00%
Published-30 Jul, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information.

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6878
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 52.05%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php.

Action-Not Available
Vendor-metinfon/a
Product-metinfon/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7257
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.97%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7255
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.97%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45866
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.64%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 00:39
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php.

Action-Not Available
Vendor-student_attendance_management_system_projectn/a
Product-student_attendance_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46005
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-4.61% / 88.83%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 17:35
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.

Action-Not Available
Vendor-car_rental_management_system_projectn/a
Product-car_rental_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.42%
||
7 Day CHG~0.00%
Published-05 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-interscan_web_security_virtual_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46084
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.23%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 15:46
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via "close registration information" input box.

Action-Not Available
Vendor-uscat_projectn/a
Product-uscatn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6715
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.85%
||
7 Day CHG~0.00%
Published-04 Jul, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5418
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.16% / 37.57%
||
7 Day CHG~0.00%
Published-16 Nov, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6814
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.29% / 78.80%
||
7 Day CHG~0.00%
Published-12 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6605
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.32%
||
7 Day CHG~0.00%
Published-04 Jul, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc85415. Known Affected Releases: 2.1(0.800).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-identity_services_engineCisco Identity Services Engine
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44760
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.8||MEDIUM
EPSS-0.17% / 38.27%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 18:00
Updated-23 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-DownloadManager plugin <= 1.68.6 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability

Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions.

Action-Not Available
Vendor-wp-downloadmanager_projectLester 'GaMerZ' Chan
Product-wp-downloadmanagerWP-DownloadManager (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6215
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.50%
||
7 Day CHG~0.00%
Published-02 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.

Action-Not Available
Vendor-paypaln/a
Product-php_permissions_sdkn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5222
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 39.08%
||
7 Day CHG~0.00%
Published-30 Dec, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aEnvironmental Systems Research Institute, Inc. ("Esri")
Product-arcgis_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6749
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.32%
||
7 Day CHG~0.00%
Published-25 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-web_security_virtual_applianceweb_security_applianceCisco Web Security Appliance
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-20345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 52.43%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 21:25
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.

Action-Not Available
Vendor-wtcms_projectn/a
Product-wtcmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3961
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-3.5||LOW
EPSS-0.34% / 55.90%
||
7 Day CHG~0.00%
Published-25 May, 2018 | 13:00
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.

Action-Not Available
Vendor-McAfee, LLC
Product-network_security_managerNetwork Security Management (NSM)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-0.18% / 40.45%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:24
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6350_firmwarer6700v2_firmwarer6850_firmwarer6120r7450_firmwarer6330ac2600r6800_firmwareac2400r6900v2ac2100_firmwarer7200_firmwarer6120_firmwarer6800r6900v2_firmwarer7400r6700v2ac2100r6850r6260_firmwarer6260r6350r7350r7450r6330_firmwareac2400_firmwarer7350_firmwarer7400_firmwarer7200ac2600_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3888
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 42.59%
||
7 Day CHG~0.00%
Published-07 Apr, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_communications_managerCisco Unified Communications Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6029
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.68%
||
7 Day CHG~0.00%
Published-06 May, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution.

Action-Not Available
Vendor-certec_edv_gmbhn/a
Product-atvise_scadaCertec EDV GmbH atvise scada
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.24% / 46.30%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 05:53
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45227
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.64%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 14:12
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack.

Action-Not Available
Vendor-coins-globaln/a
Product-coins_construction_cloudn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44911
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.97%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:40
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities.

Action-Not Available
Vendor-xpressenginen/a
Product-xpressenginen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3964
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-3.5||LOW
EPSS-0.24% / 46.23%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 13:00
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SB10192 - Network Security Management (NSM) - Reflective Cross-Site Scripting (XSS) vulnerability

Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.

Action-Not Available
Vendor-McAfee, LLC
Product-network_security_managerNetwork Security Management (NSM)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5532
Matching Score-4
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-4
Assigner-TIBCO Software Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 49.89%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports persistent cross site scripting

A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jaspersoft_studiojasperreports_libraryjasperreports_serverjaspersoftjaspersoft_reporting_and_analyticsTIBCO Jaspersoft StudioTIBCO Jaspersoft Studio for ActiveMatrix BPMTIBCO Jaspersoft Reporting and Analytics for AWSTIBCO JasperReports Library for ActiveMatrix BPMTIBCO Jaspersoft for AWS with Multi-TenancyTIBCO JasperReports LibraryTIBCO JasperReports Server Community EditionTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.10% / 77.16%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 03:58
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl-2730edsl-2730e_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 127
  • 128
  • Next
Details not found