Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3660 | 1 Typo3 | 1 Typo3 | 2019-11-05 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | |||||
| CVE-2013-0186 | 1 Redhat | 2 Cloudforms, Manageiq Enterprise Virtualization Manager | 2019-11-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4107 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting | |||||
| CVE-2010-3665 | 1 Typo3 | 1 Typo3 | 2019-11-05 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | |||||
| CVE-2005-2350 | 1 Websieve Project | 1 Websieve | 2019-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. | |||||
| CVE-2019-18654 | 2 Avg, Microsoft | 2 Anti-virus, Windows | 2019-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | |||||
| CVE-2019-18636 | 1 Jitbit | 1 .net Forum | 2019-11-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. | |||||
| CVE-2019-18664 | 1 Secudos | 1 Domos | 2019-11-04 | 3.5 LOW | 5.4 MEDIUM |
| The Log module in SECUDOS DOMOS before 5.6 allows XSS. | |||||
| CVE-2013-1934 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2019-11-01 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value. | |||||
| CVE-2018-18678 | 1 Gnuboard | 1 Gnuboard5 | 2019-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter. | |||||
| CVE-2019-18205 | 1 Zucchetti | 1 Infobusiness | 2019-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter. | |||||
| CVE-2019-9758 | 1 Labkey | 1 Labkey Server | 2019-11-01 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation. | |||||
| CVE-2010-4245 | 1 Translatehouse | 1 Pootle | 2019-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| pootle 2.0.5 has XSS via 'match_names' parameter | |||||
| CVE-2011-0428 | 1 Ikiwiki | 1 Ikiwiki | 2019-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments. | |||||
| CVE-2009-4900 | 1 Pixelpost | 1 Pixelpost | 2019-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| pixelpost 1.7.1 has XSS | |||||
| CVE-2019-12417 | 1 Apache | 1 Airflow | 2019-11-01 | 3.5 LOW | 4.8 MEDIUM |
| A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. | |||||
| CVE-2019-18656 | 1 Pimcore | 1 Pimcore | 2019-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. | |||||
| CVE-2017-1000043 | 1 Mapbox | 1 Mapbox.js | 2019-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control | |||||
| CVE-2019-17120 | 1 Wikidsystems | 1 2fa Enterprise Server | 2019-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited. | |||||
| CVE-2010-1673 | 1 Ikiwiki | 1 Ikiwiki | 2019-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment. | |||||
| CVE-2019-18419 | 1 Clonos | 1 Clonos | 2019-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2018-10727 | 1 Fabrikar | 1 Fabrik | 2019-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. | |||||
| CVE-2018-1000855 | 1 Basecamp | 1 Easymon | 2019-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in the endpoint where monitoring is mounted that can result in reflected XSS that affects Firefox. It can be used to steal cookies, depending on the cookie settings. This attack appears to be exploitable when the victim clicks on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later. | |||||
| CVE-2019-14928 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2019-10-30 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page. | |||||
| CVE-2018-11093 | 1 Ckeditor | 1 Ckeditor 5-link | 2019-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element. | |||||
| CVE-2019-7425 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. | |||||
| CVE-2019-4409 | 1 Hcltech | 1 Traveler | 2019-10-30 | 3.5 LOW | 5.4 MEDIUM |
| HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entered file name. If the file name is not escaped in the returned error page, it could expose a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2010-4240 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2019-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tiki Wiki CMS Groupware 5.2 has XSS | |||||
| CVE-2019-9763 | 1 Openfind | 1 Mail2000 | 2019-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this). | |||||
| CVE-2017-1321 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2019-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. | |||||
| CVE-2019-18221 | 1 Corehr | 1 Core Portal | 2019-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| CoreHR Core Portal before 27.0.7 allows stored XSS. | |||||
| CVE-2019-18350 | 1 Ant.design | 1 Ant Design Pro | 2019-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script. | |||||
| CVE-2019-4459 | 1 Ibm | 1 Cloud Orchestrator | 2019-10-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656. | |||||
| CVE-2019-4486 | 1 Ibm | 9 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 6 more | 2019-10-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. | |||||
| CVE-2016-3101 | 1 Jenkins | 1 Extra Columns | 2019-10-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter. | |||||
| CVE-2016-4988 | 1 Jenkins | 1 Build Failure Analyzer | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | |||||
| CVE-2019-17581 | 1 Dormsystem Project | 1 Dormsystem | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| tonyy dormsystem through 1.3 allows DOM XSS. | |||||
| CVE-2019-18415 | 1 Restaurant Management System Project | 1 Restaurant Management System | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen. | |||||
| CVE-2019-18416 | 1 Restaurant Management System Project | 1 Restaurant Management System | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member. | |||||
| CVE-2019-17606 | 1 Hexo-admin Project | 1 Hexo-admin | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post. | |||||
| CVE-2019-18357 | 1 Thycotic | 1 Secret Server | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). | |||||
| CVE-2019-18356 | 1 Thycotic | 1 Secret Server | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | |||||
| CVE-2019-16976 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | |||||
| CVE-2019-16977 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-8085 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-8080 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-8078 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-8079 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2015-9504 | 1 Weeklynews Theme Project | 1 Weeklynews Theme | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. | |||||
| CVE-2019-8084 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
