映射到 CWE-79 的搜索结果 (7330)

CVE-2015-5379(发布:2017-10-23 14:29:00)NMCPS
CVSS3.5

[CNNVD]Axigen Messaging Axigen Mail Server 跨站脚本漏洞--Axigen Messaging Axigen Mail Server是罗马尼亚Axigen Messaging公司的一款小型的邮件服务器,它可与SMTP、IMAP和WebMail等服务相结合使用。 Axigen Messaging Axigen Mail Server中存在跨站...

CVE-2015-5532(发布:2017-10-23 14:29:00)NMP
CVSS4.3

[原文]Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.

CVE-2017-7109(发布:2017-10-22 21:29:12)NMPS
CVSS4.3

[原文]An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy.

CVE-2017-7089(发布:2017-10-22 21:29:11)NMPS
CVSS4.3

[原文]An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.

CVE-2010-3659(发布:2017-10-20 14:29:00)NMS
CVSS3.5

[原文]Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.

CVE-2016-8748(发布:2017-10-19 16:29:00)NMP
CVSS3.5

[原文]In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM.

首页上一页345678910下一页尾页 第5页 / 共1222页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站