| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. |
| Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. |
| Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. |
| Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. |
| Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. |
| Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. |
| OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. |
| The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. |
| Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara. |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php. |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId. |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id). |
| In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter. |
| In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter. |
| In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request. |
| XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. |
