Total: 40677 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18090 | 1 Atlassian | 1 Fisheye | 2024-11-21 | N/A |
| Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author. | ||||
| CVE-2017-18089 | 1 Atlassian | 1 Crucible | 2024-11-21 | N/A |
| The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review. | ||||
| CVE-2017-18086 | 1 Atlassian | 1 Confluence | 2024-11-21 | N/A |
| Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | ||||
| CVE-2017-18085 | 1 Atlassian | 1 Confluence | 2024-11-21 | N/A |
| The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. | ||||
| CVE-2017-18084 | 1 Atlassian | 1 Confluence | 2024-11-21 | N/A |
| The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | ||||
| CVE-2017-18083 | 1 Atlassian | 1 Confluence | 2024-11-21 | N/A |
| The editinword resource in Atlassian Confluence Server before version 6.4.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of an uploaded file. | ||||
| CVE-2017-18082 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch. | ||||
| CVE-2017-18081 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | ||||
| CVE-2017-18041 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | ||||
| CVE-2017-18040 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | ||||
| CVE-2017-18039 | 1 Atlassian | 1 Jira | 2024-11-21 | N/A |
| The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. | ||||
| CVE-2017-18034 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | N/A |
| The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability via a specially crafted repository branch name when trying to display deleted files of the branch. | ||||
| CVE-2017-18024 | 1 Avantfax | 1 Avantfax | 2024-11-21 | N/A |
| AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. | ||||
| CVE-2017-18023 | 1 Officetracker | 1 Officetracker | 2024-11-21 | N/A |
| Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI. | ||||
| CVE-2017-18015 | 1 Wp-unit | 1 Share This Image | 2024-11-21 | N/A |
| The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter. | ||||
| CVE-2017-18014 | 1 Sophos | 2 Sfos, Xg Firewall | 2024-11-21 | N/A |
| An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request. | ||||
| CVE-2017-18012 | 1 Z-url Preview Project | 1 Z-url Preview | 2024-11-21 | N/A |
| The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter. | ||||
| CVE-2017-18011 | 1 Clickbank | 1 Affiliate Ads For Clickbank Products | 2024-11-21 | N/A |
| The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter. | ||||
| CVE-2017-18010 | 1 E-goi | 1 Smart Marketing Sms And Newsletters Forms | 2024-11-21 | N/A |
| The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter. | ||||
| CVE-2017-17972 | 1 Archon Project | 1 Archon | 2024-11-21 | N/A |
| packages/subjects/pub/subjects.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?subjecttypeid=xxx request, aka Open Bug Bounty ID OBB-466362. | ||||