Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2216 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2020-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-18032 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2020-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. | |||||
| CVE-2020-10094 | 1 Lexmark | 160 6500e, 6500e Firmware, C734 and 157 more | 2020-05-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier. | |||||
| CVE-2020-12132 | 1 Fifthplay | 1 S.a.m.i | 2020-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request. | |||||
| CVE-2020-12472 | 1 Mono | 1 Monox | 2020-05-04 | 3.5 LOW | 5.4 MEDIUM |
| MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. | |||||
| CVE-2020-12276 | 1 Gitlab | 1 Gitlab | 2020-05-04 | 3.5 LOW | 4.8 MEDIUM |
| GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. | |||||
| CVE-2018-21209 | 1 Netgear | 20 Jnr1010, Jnr1010 Firmware, Jr6150 and 17 more | 2020-05-04 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. | |||||
| CVE-2020-11822 | 1 Rukovoditel | 1 Rukovoditel | 2020-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data. | |||||
| CVE-2017-12358 | 1 Cisco | 1 Jabber | 2020-05-04 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088. | |||||
| CVE-2020-6579 | 1 Mailbeez | 1 Mailbeez | 2020-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter. | |||||
| CVE-2019-11999 | 1 Hpe | 1 Opencall Media Platform | 2020-05-01 | 4.9 MEDIUM | 6.9 MEDIUM |
| Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates. | |||||
| CVE-2020-10797 | 1 Netgate | 1 Pfsense | 2020-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed. | |||||
| CVE-2020-7642 | 1 Lazysizes Project | 1 Lazysizes | 2020-05-01 | 3.5 LOW | 5.4 MEDIUM |
| lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not sanitized by the video-embed plugin: data-vimeo, data-vimeoparams, data-youtube and data-ytparams which can be abused to inject malicious JavaScript. | |||||
| CVE-2020-5570 | 1 Ni-consul | 1 Sales Force Assistant | 2020-05-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-12054 | 1 Catchplugins | 1 Catch Breadcrumb | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO. | |||||
| CVE-2018-7652 | 1 Zonemaster | 1 Zonemaster Web Gui | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS. | |||||
| CVE-2020-7132 | 1 Hp | 1 Onboard Administrator | 2020-04-30 | 3.5 LOW | 5.4 MEDIUM |
| A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE Onboard Administrator. * OA 4.95 (Linux and Windows). | |||||
| CVE-2020-5568 | 1 Cybozu | 1 Garoon | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'. | |||||
| CVE-2020-5564 | 1 Cybozu | 1 Garoon | 2020-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'. | |||||
| CVE-2016-4790 | 1 Pulsesecure | 1 Pulse Connect Secure | 2020-04-29 | 3.5 LOW | 5.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4789 | 1 Pulsesecure | 1 Pulse Connect Secure | 2020-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-11543 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | |||||
| CVE-2020-10935 | 1 Zulip | 1 Zulip Server | 2020-04-28 | 3.5 LOW | 5.4 MEDIUM |
| Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. | |||||
| CVE-2017-18811 | 1 Netgear | 1 Readynas Os | 2020-04-28 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18812 | 1 Netgear | 1 Readynas Os | 2020-04-28 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18813 | 1 Netgear | 1 Readynas Os | 2020-04-28 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18809 | 1 Netgear | 1 Readynas Os | 2020-04-28 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2020-12129 | 1 App2pro | 1 Airdisk Pro | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function. | |||||
| CVE-2020-12131 | 1 App2pro | 1 Airdisk Pro | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo). | |||||
| CVE-2020-12130 | 1 App2pro | 1 Airdisk Pro | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function. | |||||
| CVE-2017-18700 | 1 Netgear | 46 D6400, D6400 Firmware, D7000 and 43 more | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D6400 before 1.0.0.60, D7000 before 1.0.1.50, D8500 before 1.0.3.29, EX6200 before 1.0.3.84, EX7000 before 1.0.0.60, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R9000 before 1.0.2.52, WNDR3400v3 before 1.0.1.16, WNR3500Lv2 before 1.2.0.46, and WNDR3700v5 before 1.1.0.48. | |||||
| CVE-2017-18715 | 1 Netgear | 14 Ex3700, Ex3700 Firmware, Ex3800 and 11 more | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 before 1.0.3.84, and EX7000 before 1.0.0.60. | |||||
| CVE-2017-18701 | 1 Netgear | 4 R6700, R6700 Firmware, R6900 and 1 more | 2020-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34. | |||||
| CVE-2019-20789 | 1 Croogo | 1 Croogo | 2020-04-27 | 3.5 LOW | 4.8 MEDIUM |
| Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies. | |||||
| CVE-2018-21095 | 1 Netgear | 4 Srr60, Srr60 Firmware, Srs60 and 1 more | 2020-04-27 | 2.3 LOW | 4.3 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210. | |||||
| CVE-2020-9445 | 1 Zulip | 1 Zulip Server | 2020-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality. | |||||
| CVE-2020-12071 | 1 Anchorcms | 1 Anchor | 2020-04-27 | 3.5 LOW | 4.8 MEDIUM |
| Anchor 0.12.7 allows admins to cause XSS via crafted post content. | |||||
| CVE-2020-11416 | 1 Jetbrains | 1 Space | 2020-04-27 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains Space through 2020-04-22 allows stored XSS in Chats. | |||||
| CVE-2020-6217 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2020-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2017-18816 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18814 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18820 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18807 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18810 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18815 | 1 Netgear | 1 Readynas Os | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | |||||
| CVE-2017-18784 | 1 Netgear | 34 D6200, D6200 Firmware, D7000 and 31 more | 2020-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. | |||||
| CVE-2017-18783 | 1 Netgear | 36 D6200, D6200 Firmware, D7000 and 33 more | 2020-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. | |||||
| CVE-2017-18821 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-24 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2017-18745 | 1 Netgear | 18 R6400, R6400 Firmware, R6700 and 15 more | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74. | |||||
| CVE-2017-18800 | 1 Netgear | 4 R6700, R6700 Firmware, R6800 and 1 more | 2020-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42. | |||||