Export limit exceeded: 335876 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7998 | 1 Gespage | 1 Gespage | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp. | ||||
| CVE-2017-7840 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file. This vulnerability affects Firefox < 57. | ||||
| CVE-2017-7839 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57. | ||||
| CVE-2017-7834 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Firefox < 57. | ||||
| CVE-2017-7799 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55. | ||||
| CVE-2017-7636 | 1 Qnap | 1 Nas Proxy Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2017-7634 | 1 Qnap | 2 Media Streaming Add-on, Qts | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page. | ||||
| CVE-2017-7632 | 1 Qnap | 1 Qts | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2017-7631 | 1 Qnap | 1 Qts | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2017-7538 | 1 Redhat | 2 Network Satellite, Satellite | 2024-11-21 | N/A |
| A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users. | ||||
| CVE-2017-7537 | 2 Dogtagpki, Redhat | 5 Dogtagpki, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | N/A |
| It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. | ||||
| CVE-2017-7535 | 1 Theforeman | 1 Foreman | 2024-11-21 | N/A |
| foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action. | ||||
| CVE-2017-7534 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A |
| OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the log viewer for pods. The flaw is due to lack of sanitation of user input, specifically terminal escape characters, and the creation of clickable links automatically when viewing the log files for a pod. | ||||
| CVE-2017-7514 | 1 Redhat | 3 Network Satellite, Network Satellite Managed Db, Satellite | 2024-11-21 | N/A |
| A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users. | ||||
| CVE-2017-7463 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Bpms, Jboss Enterprise Brms Platform | 2024-11-21 | N/A |
| JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user. | ||||
| CVE-2017-7438 | 1 Netiq | 1 Privileged Account Manager | 2024-11-21 | N/A |
| NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter. | ||||
| CVE-2017-7437 | 1 Netiq | 1 Privileged Account Manager | 2024-11-21 | N/A |
| NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests. | ||||
| CVE-2017-7427 | 1 Netiq | 1 Identity Manager | 2024-11-21 | N/A |
| Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins. | ||||
| CVE-2017-7419 | 1 Netiq | 1 Access Manager | 2024-11-21 | N/A |
| A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider. | ||||
| CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | N/A |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | ||||