| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. |
| Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. |
| Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. |
| A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware. |
| A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. |
| The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. |
| Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. |
| In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. |
| In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. |
| Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. |
| The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. |
| Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability." |
| Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864. |
| Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. |
