Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1086 | 1 Openfiler | 1 Openfiler | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter. | |||||
| CVE-2020-8812 | 1 Bludit | 1 Bludit | 2020-02-10 | 3.5 LOW | 5.4 MEDIUM |
| ** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug." | |||||
| CVE-2014-9126 | 1 Open-school | 1 Open-school | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php. | |||||
| CVE-2016-10878 | 1 Flippercode | 1 Google Map | 2020-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. | |||||
| CVE-2016-10867 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2020-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. | |||||
| CVE-2020-3149 | 1 Cisco | 1 Identity Services Engine | 2020-02-07 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing malicious data to a specific field within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco ISE Software releases 2.7.0 and later contains the fix for this vulnerability. | |||||
| CVE-2020-5528 | 1 Sixapart | 1 Movable Type | 2020-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL. | |||||
| CVE-2019-20173 | 1 Auth0 | 1 Login By Auth0 | 2020-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. | |||||
| CVE-2020-6854 | 1 Sos-berlin | 1 Jobscheduler | 2020-02-07 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API. | |||||
| CVE-2013-2684 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2020-7971 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab EE 11.0 and later through 12.7.2 allows XSS. | |||||
| CVE-2020-8421 | 1 Joomla | 1 Joomla! | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs. | |||||
| CVE-2011-1150 | 1 Bbpress | 1 Bbpress | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter. | |||||
| CVE-2020-8120 | 1 Nextcloud | 1 Nextcloud | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. | |||||
| CVE-2019-15618 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-06 | 3.5 LOW | 4.8 MEDIUM |
| Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location. | |||||
| CVE-2019-4451 | 1 Ibm | 1 Security Identity Manager | 2020-02-06 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163493. | |||||
| CVE-2020-7973 | 1 Gitlab | 1 Gitlab | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab through 12.7.2 allows XSS. | |||||
| CVE-2019-10073 | 1 Apache | 1 Ofbiz | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858543, 1860595 and 1860616 | |||||
| CVE-2020-8548 | 1 Masscode | 1 Masscode | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). | |||||
| CVE-2014-8338 | 1 Videowhisper | 1 Webcam | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter. | |||||
| CVE-2018-7475 | 1 Icewarp | 1 Mail Server | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2011-1009 | 1 Vanillaforums | 1 Vanilla | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter. | |||||
| CVE-2011-1069 | 1 Phpshop | 1 Phpshop | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPShop through 0.8.1 has XSS. | |||||
| CVE-2010-4662 | 1 Pmwiki | 1 Pmwiki | 2020-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| PmWiki before 2.2.21 has XSS. | |||||
| CVE-2015-3612 | 1 Fortinet | 1 Fortimanager | 2020-02-05 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. | |||||
| CVE-2020-8496 | 1 Kronos | 1 Web Time And Attendance | 2020-02-05 | 3.5 LOW | 4.8 MEDIUM |
| In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator. | |||||
| CVE-2020-8493 | 1 Kronos | 1 Web Time And Attendance | 2020-02-05 | 3.5 LOW | 4.8 MEDIUM |
| A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator. | |||||
| CVE-2014-9211 | 1 Clickdesk | 1 Clickdesk | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ClickDesk version 4.3 and below has persistent cross site scripting | |||||
| CVE-2019-20174 | 1 Auth0 | 1 Lock | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. | |||||
| CVE-2019-20141 | 1 Laborator | 1 Neon | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. | |||||
| CVE-2019-19968 | 1 Pandorafms | 1 Pandora Fms | 2020-02-05 | 3.5 LOW | 5.4 MEDIUM |
| PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | |||||
| CVE-2014-3809 | 1 Nokia | 6 1830 Photonic Service Switch-16, 1830 Photonic Service Switch-16 Firmware, 1830 Photonic Service Switch-32 and 3 more | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. | |||||
| CVE-2014-2843 | 1 Infoware | 1 Mapsuite | 2020-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7054 | 1 D-link | 2 Dir-100, Dir-100 Firmware | 2020-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-100 4.03B07: cli.cgi XSS | |||||
| CVE-2013-2622 | 1 Uebimiau | 1 Uebimiau | 2020-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php. | |||||
| CVE-2019-17338 | 1 Tibco | 1 Patterns - Search | 2020-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below. | |||||
| CVE-2013-2623 | 1 Telaen Project | 1 Telaen | 2020-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php. | |||||
| CVE-2020-8512 | 1 Icewarp | 1 Icewarp Server | 2020-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. | |||||
| CVE-2014-3718 | 1 Exlibrisgroup | 1 Aleph 500 | 2020-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid parameter. | |||||
| CVE-2013-3565 | 2 Opensuse, Videolan | 2 Opensuse, Vlc Media Player | 2020-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | |||||
| CVE-2013-4241 | 1 Hitmyserver | 1 Hms Testimonials | 2020-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page). | |||||
| CVE-2020-8498 | 1 Gistpress Project | 1 Gistpress | 2020-02-03 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). | |||||
| CVE-2018-6464 | 1 Mycolorway | 1 Simditor | 2020-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1. | |||||
| CVE-2020-7994 | 1 Dolibarr | 1 Dolibarr | 2020-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page. | |||||
| CVE-2012-6133 | 1 Roundup-tracker | 1 Roundup | 2020-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*. | |||||
| CVE-2013-2294 | 1 Viewgit Project | 1 Viewgit | 2020-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in plates/summary.php. | |||||
| CVE-2020-3121 | 1 Cisco | 90 Sf350-48, Sf350-48 Firmware, Sf350-48mp and 87 more | 2020-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2019-19632 | 1 Bigswitch | 3 Big Cloud Fabric, Big Monitoring Fabric, Multi-cloud Director | 2020-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators. | |||||
| CVE-2020-7910 | 1 Jetbrains | 1 Teamcity | 2020-01-31 | 3.5 LOW | 5.4 MEDIUM |
| JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. | |||||
| CVE-2020-7911 | 1 Jetbrains | 1 Teamcity | 2020-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. | |||||
