Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10423 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10418 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10419 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-categories.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10456 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10455 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10404 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10454 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10403 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10453 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10436 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10443 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10445 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10395 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10401 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10396 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10393 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10394 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10399 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10388 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php). | |||||
| CVE-2020-10391 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10400 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10392 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10398 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-10397 | 1 Chadhaajay | 1 Phpkb | 2020-03-26 | 3.5 LOW | 4.8 MEDIUM |
| The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload. | |||||
| CVE-2020-5552 | 1 Mailform | 1 Mailform | 2020-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-13389 | 1 Rainloop | 1 Webmail | 2020-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. | |||||
| CVE-2020-10385 | 1 Wpforms | 1 Contact Form | 2020-03-25 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. | |||||
| CVE-2020-10681 | 1 Cmsmadesimple | 1 Cms Made Simple | 2020-03-25 | 3.5 LOW | 5.4 MEDIUM |
| The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php. | |||||
| CVE-2019-10179 | 2 Dogtagpki, Redhat | 2 Dogtagpki, Enterprise Linux | 2020-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. | |||||
| CVE-2019-10221 | 2 Dogtagpki, Redhat | 2 Dogtagpki, Enterprise Linux | 2020-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser. | |||||
| CVE-2020-1696 | 2 Dogtagpki, Redhat | 2 Dogtagpki, Certificate System | 2020-03-25 | 3.5 LOW | 5.4 MEDIUM |
| A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code. | |||||
| CVE-2019-4681 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Tivoli Netcool/impact, Linux Kernel and 2 more | 2020-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734. | |||||
| CVE-2019-13463 | 1 Quantumcloud | 1 Simple Link Directory | 2020-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement. | |||||
| CVE-2019-10178 | 1 Dogtagpki | 1 Dogtagpki | 2020-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable. | |||||
| CVE-2019-15539 | 1 Mantisbt | 1 Mantisbt | 2020-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page. | |||||
| CVE-2020-7481 | 1 Schneider-electric | 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more | 2020-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server. | |||||
| CVE-2020-7482 | 1 Schneider-electric | 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more | 2020-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server. | |||||
| CVE-2019-4718 | 1 Ibm | 1 Jazz For Service Management | 2020-03-24 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123. | |||||
| CVE-2020-10820 | 1 Nagios | 1 Nagios Xi | 2020-03-23 | 3.5 LOW | 4.8 MEDIUM |
| Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. | |||||
| CVE-2020-10821 | 1 Nagios | 1 Nagios Xi | 2020-03-23 | 3.5 LOW | 4.8 MEDIUM |
| Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. | |||||
| CVE-2020-10819 | 1 Nagios | 1 Nagios Xi | 2020-03-23 | 3.5 LOW | 4.8 MEDIUM |
| Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. | |||||
| CVE-2020-9344 | 1 Atlassian | 1 Subversion Application Lifecycle Management | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. | |||||
| CVE-2019-16010 | 1 Cisco | 12 Isr1100-4g, Isr1100-4gltegb, Isr1100-4gltena and 9 more | 2020-03-23 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2020-10667 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version. | |||||
| CVE-2020-10668 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version. | |||||
| CVE-2020-10670 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version. | |||||
| CVE-2019-19336 | 2 Ovirt, Redhat | 2 Ovirt-engine, Virtualization | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session. | |||||
| CVE-2019-15124 | 1 Mediawiki | 1 Mobilefrontend | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33. | |||||
| CVE-2019-16070 | 1 Netsas | 1 Enigma Network Management Solution | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs. | |||||
| CVE-2019-20513 | 1 Edx | 1 Open Edx | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open edX Ironwood.1 allows support/certificates?user= reflected XSS. | |||||
