Explore CVEs related to XSS vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
The list includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing XSS CVEs published in 2017.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-18004 | Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | 5.4 | 0.21% | 2017-12-31 | 2026-05-13 |
| CVE-2016-10704 | Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | 6.1 | 0.08% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17089 | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | 4.8 | 0.17% | 2017-12-30 | 2026-05-13 |
| CVE-2017-12813 | PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | 6.1 | 0.24% | 2017-12-30 | 2026-05-13 |
| CVE-2017-12812 | PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | 6.1 | 0.24% | 2017-12-30 | 2026-05-13 |
| CVE-2017-12811 | PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | 6.1 | 0.24% | 2017-12-30 | 2026-05-13 |
| CVE-2017-12810 | PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | 6.1 | 0.24% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17995 | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | 5.4 | 0.21% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17994 | Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | 5.4 | 0.21% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17993 | Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | 5.4 | 0.21% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17991 | Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | 5.4 | 0.21% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17989 | Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | 5.4 | 0.21% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17988 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | 4.8 | 0.22% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17986 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | 4.8 | 0.22% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17985 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | 4.8 | 0.22% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17984 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | 4.8 | 0.22% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17981 | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | 5.4 | 0.19% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17971 | The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | 6.1 | 0.20% | 2017-12-29 | 2026-05-13 |
| CVE-2017-17933 | cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. | 6.1 | 0.16% | 2017-12-29 | 2026-05-13 |
| CVE-2017-16876 | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | 6.1 | 0.23% | 2017-12-29 | 2026-05-13 |