U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): xss
There are 7,918 matching records.
Displaying matches 7,121 through 7,140.
Vuln ID Summary CVSS Severity
CVE-2017-17993

Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.

Published: December 29, 2017; 11:29:00 PM -0500 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-17991

Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.

Published: December 29, 2017; 11:29:00 PM -0500 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-17989

Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.

Published: December 29, 2017; 11:29:00 PM -0500 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-17988

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.

Published: December 29, 2017; 11:29:00 PM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2017-17986

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.

Published: December 29, 2017; 11:29:00 PM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2017-17985

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter.

Published: December 29, 2017; 11:29:00 PM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2017-17984

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.

Published: December 29, 2017; 11:29:00 PM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2017-17981

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.

Published: December 29, 2017; 11:29:00 PM -0500 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-17971

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

Published: December 29, 2017; 1:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-17933

cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.

Published: December 29, 2017; 1:29:00 PM -0500 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-17958

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.

Published: December 28, 2017; 1:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-17956

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter.

Published: December 28, 2017; 1:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-17955

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.

Published: December 28, 2017; 1:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-17954

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.

Published: December 28, 2017; 1:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-17953

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.

Published: December 28, 2017; 1:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-17949

Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.

Published: December 28, 2017; 1:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-17948

Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.

Published: December 28, 2017; 1:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-17940

PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.

Published: December 28, 2017; 1:29:00 AM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2017-17938

PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.

Published: December 28, 2017; 1:29:00 AM -0500 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2017-17937

Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.

Published: December 28, 2017; 1:29:00 AM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM