CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. (empty cells are shown as -)
2201 | CVE-2017-1133 | 79 | - | XSS | 2017-03-07 | 2017-03-31 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
2202 | CVE-2017-1132 | 79 | - | XSS | 2017-06-23 | 2017-06-26 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418.
2203 | CVE-2017-1128 | 79 | - | XSS | 2017-02-08 | 2017-02-15 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2204 | CVE-2017-1127 | 79 | - | XSS | 2017-02-08 | 2017-02-15 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
2205 | CVE-2017-1121 | 79 | - | XSS | 2017-02-13 | 2017-07-24 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743
2206 | CVE-2017-1117 | - | - | DoS | 2017-06-21 | 2019-10-02 | 3.5 | None | Remote | Medium | Single system | None | None | Partial
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.
2207 | CVE-2017-1115 | 74 | - | Exec Code | 2018-09-07 | 2019-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.
2208 | CVE-2017-1114 | 79 | - | XSS | 2018-09-07 | 2019-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.
2209 | CVE-2017-1113 | 79 | - | XSS | 2017-07-05 | 2017-07-25 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121151.
2210 | CVE-2017-1106 | 79 | - | XSS | 2017-06-28 | 2017-07-03 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744.
2211 | CVE-2017-1105 | 119 | - | DoS Overflow | 2017-06-27 | 2017-07-06 | 3.6 | None | Local | Low | Not required | None | Partial | Partial
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.
2212 | CVE-2017-1104 | 79 | - | XSS | 2017-06-13 | 2017-07-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666.
2213 | CVE-2017-1102 | 79 | - | XSS | 2017-06-13 | 2017-07-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663.
2214 | CVE-2017-1101 | 79 | - | XSS | 2017-06-13 | 2017-07-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662.
2215 | CVE-2017-1100 | 79 | - | XSS | 2017-06-13 | 2017-07-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661.
2216 | CVE-2017-1098 | 79 | - | XSS | 2017-09-07 | 2017-09-14 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.
2217 | CVE-2017-1096 | 79 | - | XSS | 2017-07-05 | 2017-07-14 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656.
2218 | CVE-2017-0912 | 79 | - | XSS | 2018-07-03 | 2019-09-13 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack of sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling".
2219 | CVE-2017-0895 | 200 | - | +Info | 2017-05-08 | 2019-10-09 | 3.5 | None | Remote | Medium | Single system | Partial | None | None
Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.
2220 | CVE-2017-0893 | 79 | - | XSS | 2017-05-08 | 2019-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from an XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.
2221 | CVE-2017-0891 | 79 | - | XSS | 2017-05-08 | 2019-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
2222 | CVE-2017-0890 | 79 | - | XSS | 2017-05-08 | 2019-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to an XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
2223 | CVE-2017-0792 | 200 | - | +Info | 2017-09-08 | 2017-09-12 | 3.3 | None | Local Network | Low | Not required | Partial | None | None
An information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301.
2224 | CVE-2017-0785 | 200 | - | +Info | 2017-09-14 | 2018-07-27 | 3.3 | None | Local Network | Low | Not required | Partial | None | None
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
2225 | CVE-2017-0360 | 269 | - | - | 2017-04-04 | 2019-10-02 | 3.5 | None | Remote | Medium | Single system | Partial | None | None
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
2226 | CVE-2017-0302 | 118 | - | - | 2017-05-09 | 2017-07-07 | 3.5 | None | Remote | Medium | Single system | None | None | Partial
In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.
2227 | CVE-2017-0255 | 79 | - | XSS | 2017-05-12 | 2017-05-23 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".
2228 | CVE-2017-0195 | 79 | - | XSS | 2017-04-12 | 2017-04-20 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."
2229 | CVE-2017-0191 | - | - | DoS | 2017-04-12 | 2019-10-02 | 3.5 | None | Remote | Medium | Single system | None | None | Partial
A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."
2230 | CVE-2017-0164 | 20 | - | DoS | 2017-04-12 | 2017-07-10 | 3.5 | None | Remote | Medium | Single system | None | None | Partial
A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."
2231 | CVE-2016-1000121 | 79 | - | XSS | 2016-10-27 | 2016-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
2232 | CVE-2016-11012 | 79 | - | XSS | 2019-09-20 | 2019-09-20 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.
2233 | CVE-2016-10993 | 79 | - | XSS | 2019-09-17 | 2019-09-17 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.
2234 | CVE-2016-10854 | 79 | - | XSS | 2019-08-01 | 2019-08-05 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
2235 | CVE-2016-10853 | 79 | - | XSS | 2019-08-01 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
2236 | CVE-2016-10851 | 79 | - | XSS | 2019-08-01 | 2019-08-05 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
2237 | CVE-2016-10827 | 79 | - | XSS | 2019-08-01 | 2019-08-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
2238 | CVE-2016-10822 | 79 | - | XSS | 2019-08-01 | 2019-08-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
2239 | CVE-2016-10813 | 79 | - | XSS | 2019-08-01 | 2019-08-06 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
2240 | CVE-2016-10806 | 79 | - | XSS | 2019-08-07 | 2019-08-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
2241 | CVE-2016-10784 | 79 | - | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).
2242 | CVE-2016-10783 | 79 | - | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182).
2243 | CVE-2016-10782 | 79 | - | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).
2244 | CVE-2016-10781 | 79 | - | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).
2245 | CVE-2016-10780 | 79 | - | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).
2246 | CVE-2016-10779 | 79 | - | XSS | 2019-08-06 | 2019-08-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
2247 | CVE-2016-10778 | 79 | - | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).
2248 | CVE-2016-10777 | 79 | - | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
2249 | CVE-2016-10776 | 79 | - | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
2250 | CVE-2016-10774 | 79 | - | XSS | 2019-08-05 | 2019-08-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
Total number of vulnerabilities: 4556 (this listing is page 45 of 92)