CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

Each entry below is one row of the listing, laid out in the column order of the header; the description follows on the indented line. An empty cell is shown as "-".

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

5651 | CVE-2017-1168 | 79 | - | XSS | 2017-08-10 | 2017-08-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123187.

5652 | CVE-2017-1164 | 79 | - | XSS | 2017-10-25 | 2017-11-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.

5653 | CVE-2017-1160 | 79 | - | XSS | 2017-04-17 | 2017-04-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.

5654 | CVE-2017-1150 | 269 | - | - | 2017-03-08 | 2019-10-03 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.

5655 | CVE-2017-1147 | 79 | - | XSS | 2017-11-01 | 2017-11-16 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200.

5656 | CVE-2017-1146 | 79 | - | XSS | 2017-03-20 | 2017-03-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736.

5657 | CVE-2017-1143 | 200 | - | +Info | 2017-03-27 | 2017-03-31 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
    IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874.

5658 | CVE-2017-1140 | 79 | - | XSS | 2017-06-08 | 2017-06-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5659 | CVE-2017-1133 | 79 | - | XSS | 2017-03-07 | 2017-04-01 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.

5660 | CVE-2017-1132 | 79 | - | XSS | 2017-06-23 | 2017-06-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418.

5661 | CVE-2017-1128 | 79 | - | XSS | 2017-02-08 | 2017-02-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5662 | CVE-2017-1127 | 79 | - | XSS | 2017-02-08 | 2017-02-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5663 | CVE-2017-1121 | 79 | - | XSS | 2017-02-13 | 2017-07-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743.

5664 | CVE-2017-1117 | - | - | DoS | 2017-06-21 | 2019-10-03 | 3.5 | None | Remote | Medium | ??? | None | None | Partial
    IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.

5665 | CVE-2017-1115 | 74 | - | Exec Code | 2018-09-07 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.

5666 | CVE-2017-1114 | 79 | - | XSS | 2018-09-07 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152.

5667 | CVE-2017-1113 | 79 | - | XSS | 2017-07-05 | 2017-07-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121151.

5668 | CVE-2017-1106 | 79 | - | XSS | 2017-06-28 | 2017-07-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744.

5669 | CVE-2017-1105 | 119 | - | DoS Overflow | 2017-06-27 | 2017-07-07 | 3.6 | None | Local | Low | Not required | None | Partial | Partial
    IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.

5670 | CVE-2017-1104 | 79 | - | XSS | 2017-06-13 | 2017-07-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666.

5671 | CVE-2017-1102 | 79 | - | XSS | 2017-06-13 | 2017-07-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663.

5672 | CVE-2017-1101 | 79 | - | XSS | 2017-06-13 | 2017-07-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662.

5673 | CVE-2017-1100 | 79 | - | XSS | 2017-06-13 | 2017-07-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661.

5674 | CVE-2017-1098 | 79 | - | XSS | 2017-09-07 | 2017-09-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.

5675 | CVE-2017-1096 | 79 | - | XSS | 2017-07-05 | 2017-07-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656.

5676 | CVE-2017-0912 | 79 | - | XSS | 2018-07-03 | 2019-09-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack of sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling".

5677 | CVE-2017-0895 | 200 | - | +Info | 2017-05-08 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
    Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.

5678 | CVE-2017-0893 | 79 | - | XSS | 2017-05-08 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from an XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.

5679 | CVE-2017-0891 | 79 | - | XSS | 2017-05-08 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.

5680 | CVE-2017-0890 | 79 | - | XSS | 2017-05-08 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to an XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

5681 | CVE-2017-0792 | 200 | - | +Info | 2017-09-08 | 2017-09-12 | 3.3 | None | Local Network | Low | Not required | Partial | None | None
    An information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301.

5682 | CVE-2017-0785 | 200 | - | +Info | 2017-09-14 | 2018-07-28 | 3.3 | None | Local Network | Low | Not required | Partial | None | None
    An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.

5683 | CVE-2017-0360 | 269 | - | - | 2017-04-04 | 2019-10-03 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
    file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.

5684 | CVE-2017-0302 | 118 | - | - | 2017-05-09 | 2017-07-08 | 3.5 | None | Remote | Medium | ??? | None | None | Partial
    In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.

5685 | CVE-2017-0255 | 79 | - | XSS | 2017-05-12 | 2017-05-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".

5686 | CVE-2017-0195 | 79 | - | XSS | 2017-04-12 | 2017-04-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allow remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."

5687 | CVE-2017-0191 | - | - | DoS | 2017-04-12 | 2019-10-03 | 3.5 | None | Remote | Medium | ??? | None | None | Partial
    A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handle objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."

5688 | CVE-2017-0164 | 20 | - | DoS | 2017-04-12 | 2017-07-11 | 3.5 | None | Remote | Medium | ??? | None | None | Partial
    A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."

5689 | CVE-2016-1000236 | 362 | - | - | 2019-11-19 | 2019-11-21 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
    Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.

5690 | CVE-2016-1000121 | 79 | - | XSS | 2016-10-27 | 2016-11-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension.

5691 | CVE-2016-1000029 | 79 | - | XSS | 2019-12-27 | 2019-12-31 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).

5692 | CVE-2016-1000028 | 79 | - | XSS | 2019-12-27 | 2019-12-31 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins (Tenable ID 5198).

5693 | CVE-2016-11070 | 79 | - | XSS | 2020-06-19 | 2020-06-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.

5694 | CVE-2016-11012 | 79 | - | XSS | 2019-09-20 | 2019-09-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.

5695 | CVE-2016-10993 | 79 | - | XSS | 2019-09-17 | 2020-02-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.

5696 | CVE-2016-10854 | 79 | - | XSS | 2019-08-01 | 2019-08-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).

5697 | CVE-2016-10853 | 79 | - | XSS | 2019-08-01 | 2019-08-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).

5698 | CVE-2016-10851 | 79 | - | XSS | 2019-08-01 | 2019-08-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).

5699 | CVE-2016-10827 | 79 | - | XSS | 2019-08-01 | 2019-08-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).

5700 | CVE-2016-10822 | 79 | - | XSS | 2019-08-01 | 2019-08-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
    cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).