XSS に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2017 年に公開され、XSS に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2017-18004 | Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | 5.4 | 0.63% | 2017-12-31 | 2026-06-16 |
| CVE-2016-10704 | Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | 6.1 | 0.64% | 2017-12-30 | 2026-06-16 |
| CVE-2017-17089 | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | 4.8 | 0.83% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12813 | PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12812 | PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12811 | PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-12810 | PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | 6.1 | 0.63% | 2017-12-30 | 2026-06-16 |
| CVE-2017-17995 | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17994 | Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17993 | Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17991 | Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17989 | Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | 5.4 | 0.54% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17988 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | 4.8 | 0.49% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17986 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | 4.8 | 0.49% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17985 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | 4.8 | 0.49% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17984 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | 4.8 | 0.49% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17981 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | 5.4 | 0.49% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17971 | The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | 6.1 | 1.01% | 2017-12-29 | 2026-06-16 |
| CVE-2017-17933 | cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. | 6.1 | 0.94% | 2017-12-29 | 2026-06-16 |
| CVE-2017-16876 | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | 6.1 | 2.20% | 2017-12-29 | 2026-06-16 |