Total
366 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20097 | 1 Wp-filebase Download Manager Project | 1 Wp-filebase Download Manager | 2025-04-15 | 3.5 Low |
| A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | ||||
| CVE-2017-20100 | 1 Air Transfer Project | 1 Air Transfer | 2025-04-15 | 3.5 Low |
| A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20098 | 1 Weblizar | 1 Admin Custom Login | 2025-04-15 | 3.5 Low |
| A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. | ||||
| CVE-2017-20108 | 1 Easy Table Project | 1 Easy Table | 2025-04-15 | 3.5 Low |
| A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely. | ||||
| CVE-2017-20113 | 1 Trueconf | 1 Server | 2025-04-15 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20114 | 1 Trueconf | 1 Server | 2025-04-15 | 3.5 Low |
| A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20115 | 1 Trueconf | 1 Server | 2025-04-15 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20116 | 1 Trueconf | 1 Server | 2025-04-15 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20117 | 1 Trueconf | 1 Server | 2025-04-15 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20118 | 1 Trueconf | 1 Server | 2025-04-15 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20122 | 1 Bitrix24 | 1 Bitrix Site Manager | 2025-04-15 | 3.5 Low |
| A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20140 | 1 Ambit | 1 Movie Portal Script | 2025-04-15 | 4.3 Medium |
| A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /movie.php. The manipulation of the argument f with the input <img src=i onerror=prompt(1)> leads to basic cross site scripting (Reflected). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-33423 | 1 Cmsimple | 1 Cmsimple | 2025-04-14 | 7.4 High |
| Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section. | ||||
| CVE-2025-32230 | 2025-04-11 | 4.3 Medium | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0. | ||||
| CVE-2025-32027 | 2025-04-11 | 6.1 Medium | ||
| Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher. | ||||
| CVE-2023-29508 | 1 Xwiki | 1 Xwiki | 2025-04-11 | 8.9 High |
| XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. | ||||
| CVE-2024-32746 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module. | ||||
| CVE-2024-25690 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2025-04-10 | 4.7 Medium |
| There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser. | ||||
| CVE-2023-25833 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 5.4 Medium |
| There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). | ||||
| CVE-2022-38210 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 6.1 Medium |
| There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser. | ||||