| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. |
| PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. |
| PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. |
| packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. |
| Allen Disk 1.6 has XSS in the id parameter to downfile.php. |
| Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability". |
| Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability". |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allow an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560. |
| An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted request, aka "Microsoft SharePoint XSS vulnerability". |
| Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allow an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559. |
| An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted request, aka "Microsoft SharePoint Reflective XSS Vulnerability". |
| Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. |
| Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. |
| PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. |
| Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. |
| Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. |
| GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. |
| cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. |
| Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. |