| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. |
| IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376. |
| The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter. |
| Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. |
| AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. |
| IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460. |
| An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted. |
| Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. |
| Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. |
| SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. |
| Portus 2.2.0 has XSS via the Team field, related to typeahead. |
| Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php. |
| IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464. |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. |
| In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. |
