CVE-2017-1002017 CVSS:0.0
Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. (Last Update:2017-09-14) (Publish Update:2017-09-14)
CVE-2017-1002011 CVSS:0.0
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database. (Last Update:2017-09-14) (Publish Update:2017-09-14)
CVE-2017-1000078 CVSS:4.3
Linux foundation ONOS 1.9 is vulnerable to XSS in the device registration (Last Update:2017-07-19) (Publish Update:2017-07-17)
CVE-2017-1000065 CVSS:4.3
Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser. (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-1000063 CVSS:4.3
kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure (Last Update:2017-07-19) (Publish Update:2017-07-17)
CVE-2017-1000059 CVSS:4.3
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. (Last Update:2017-07-20) (Publish Update:2017-07-17)
CVE-2017-1000058 CVSS:4.3
Stored XSS in chevereto CMS before version 3.8.11 (Last Update:2017-07-20) (Publish Update:2017-07-17)
CVE-2017-1000057 CVSS:4.3
A reflected cross-site scripting vulnerability in GetSimple CMS version 3.3.13 and earlier, allow remote attackers to inject arbitrary JavaScript in the URL-field for the administrative login page (/admin/index.php). (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-1000054 CVSS:4.3
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. (Last Update:2017-07-19) (Publish Update:2017-07-17)
CVE-2017-1000051 CVSS:4.3
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content (Last Update:2017-07-20) (Publish Update:2017-07-17)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by