Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2214 | 1 Posh Project | 1 Posh | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php | |||||
| CVE-2015-4457 | 1 Cloudera | 1 Cloudera Manager | 2019-12-02 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors. | |||||
| CVE-2019-19385 | 1 Fusionpbx | 1 Fusionpbx | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. | |||||
| CVE-2019-19387 | 1 Fusionpbx | 1 Fusionpbx | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. | |||||
| CVE-2019-19388 | 1 Fusionpbx | 1 Fusionpbx | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. | |||||
| CVE-2019-19386 | 1 Fusionpbx | 1 Fusionpbx | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. | |||||
| CVE-2019-19384 | 1 Fusionpbx | 1 Fusionpbx | 2019-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. | |||||
| CVE-2015-9297 | 1 Wp-events-plugin | 1 Events Manager | 2019-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.6 for WordPress has XSS. | |||||
| CVE-2019-18454 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS. | |||||
| CVE-2018-1000426 | 1 Jenkins | 1 Git Changelog | 2019-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages. | |||||
| CVE-2012-0812 | 2 Debian, Postfix Admin Project | 2 Debian Linux, Postfix Admin | 2019-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| PostfixAdmin 2.3.4 has multiple XSS vulnerabilities | |||||
| CVE-2019-14343 | 1 Vocabularyserver | 1 Tematres | 2019-11-25 | 3.5 LOW | 5.4 MEDIUM |
| TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI. | |||||
| CVE-2014-1238 | 1 Ideagen | 1 Q-pulse | 2019-11-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and earlier. | |||||
| CVE-2019-15071 | 1 Openfind | 1 Mail2000 | 2019-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can be executed for any user accessing the page. This vulnerability affects many mail systems of governments, organizations, companies and universities. | |||||
| CVE-2018-8048 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2019-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | |||||
| CVE-2019-15072 | 1 Openfind | 1 Mail2000 | 2019-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail systems of governments, organizations, companies and universities. | |||||
| CVE-2011-3352 | 1 Ziku | 1 Zikula | 2019-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website. | |||||
| CVE-2010-4659 | 1 Status | 1 Statusnet | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents. | |||||
| CVE-2019-18982 | 1 Pimcore | 1 Pimcore | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. | |||||
| CVE-2017-16798 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. | |||||
| CVE-2011-4454 | 1 Tiki | 1 Tiki | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. | |||||
| CVE-2011-4455 | 1 Tiki | 1 Tiki | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. | |||||
| CVE-2019-12299 | 1 Sandline | 1 Centraleyezer | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section. | |||||
| CVE-2019-12311 | 1 Sandline | 1 Centraleyezer | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded. | |||||
| CVE-2013-2092 | 1 Dolibarr | 1 Dolibarr | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. | |||||
| CVE-2013-0193 | 1 Matomo | 1 Matomo | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195. | |||||
| CVE-2013-0195 | 1 Matomo | 1 Matomo | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194. | |||||
| CVE-2013-0194 | 1 Matomo | 1 Matomo | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195. | |||||
| CVE-2018-0585 | 1 Ultimatemember | 1 Ultimate Member | 2019-11-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0577 | 1 Google Map Project | 1 Google Map | 2019-11-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-20965 | 1 Ultimatemember | 1 Ultimate Member | 2019-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-member plugin before 2.0.4 for WordPress has XSS. | |||||
| CVE-2019-12637 | 1 Cisco | 1 Identity Services Engine | 2019-11-20 | 3.5 LOW | 5.4 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2019-17057 | 1 Footy | 1 Tipping Software | 2019-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Footy Tipping Software AFL Web Edition 2019 allows XSS. | |||||
| CVE-2019-15054 | 1 Getmailbird | 1 Mailbird | 2019-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before 2.7.5.0 r allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is distinct from CVE-2015-4657. | |||||
| CVE-2019-17427 | 1 Redmine | 1 Redmine | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. | |||||
| CVE-2012-4439 | 1 Jenkins | 1 Jenkins | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. | |||||
| CVE-2012-4440 | 1 Jenkins | 1 Jenkins | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. | |||||
| CVE-2012-4441 | 1 Jenkins | 1 Jenkins | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin. | |||||
| CVE-2019-10070 | 1 Apache | 1 Atlas | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality | |||||
| CVE-2019-19040 | 1 Kairosdb Project | 1 Kairosdb | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring. | |||||
| CVE-2017-15948 | 1 Edgeofmyseat | 1 Perch | 2019-11-18 | 3.5 LOW | 4.8 MEDIUM |
| Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account. | |||||
| CVE-2013-4106 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22. | |||||
| CVE-2013-4275 | 1 Zen Project | 1 Zen | 2019-11-18 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field. | |||||
| CVE-2019-17515 | 1 Cleantalk | 1 Spam Protection, Antispam, Firewall | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | |||||
| CVE-2019-17550 | 1 Adenion | 1 Blog2social | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | |||||
| CVE-2013-3097 | 1 Actiontec | 2 Mi424wr-gen3i, Mi424wr-gen3i Firmware | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. | |||||
| CVE-2019-18923 | 1 Go-camo Project | 1 Go-camo | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. | |||||
| CVE-2013-4109 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165. | |||||
| CVE-2019-18957 | 1 Microstrategy | 1 Microstrategy Library | 2019-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. | |||||
| CVE-2012-5193 | 1 Bitweaver | 1 Bitweaver | 2019-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter. | |||||
