Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15782 | 1 Webtorrent | 1 Webtorrent | 2019-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. | |||||
| CVE-2019-14807 | 1 Mediawiki | 1 Mobilefrontend | 2019-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. | |||||
| CVE-2019-16751 | 1 Devise Token Auth Project | 1 Devise Token Auth | 2019-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects the fallback_render method in the omniauth callbacks controller. | |||||
| CVE-2019-16725 | 1 Joomla | 1 Joomla! | 2019-09-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. | |||||
| CVE-2019-1262 | 1 Microsoft | 1 Sharepoint Foundation | 2019-09-24 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
| CVE-2019-16681 | 1 Traveloka | 1 Traveloka | 2019-09-24 | 2.6 LOW | 4.7 MEDIUM |
| The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application. | |||||
| CVE-2018-9090 | 1 Redhat | 1 Tectonic | 2019-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards. | |||||
| CVE-2019-12407 | 1 Apache | 1 Jspwiki | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | |||||
| CVE-2019-10090 | 1 Apache | 1 Jspwiki | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | |||||
| CVE-2019-12404 | 1 Apache | 1 Jspwiki | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | |||||
| CVE-2019-10089 | 1 Apache | 1 Jspwiki | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | |||||
| CVE-2019-10087 | 1 Apache | 1 Jspwiki | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | |||||
| CVE-2018-18381 | 1 Zblogcn | 1 Z-blogphp | 2019-09-23 | 3.5 LOW | 5.4 MEDIUM |
| Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. | |||||
| CVE-2019-16703 | 1 Phpmywind | 1 Phpmywind | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | |||||
| CVE-2019-16704 | 1 Phpmywind | 1 Phpmywind | 2019-09-23 | 3.5 LOW | 4.8 MEDIUM |
| admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. | |||||
| CVE-2015-9403 | 1 Neuvoo | 1 Neuvoo-jobroll | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. | |||||
| CVE-2019-16657 | 1 Tuzicms | 1 Tuzicms | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. | |||||
| CVE-2019-16661 | 1 Digimute | 1 Ogma Cms | 2019-09-23 | 3.5 LOW | 5.4 MEDIUM |
| Ogma CMS 0.5 has XSS via creation of a new blog. | |||||
| CVE-2019-14915 | 1 Prise | 1 Adas | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. | |||||
| CVE-2019-14913 | 1 Prise | 1 Adas | 2019-09-23 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. | |||||
| CVE-2018-16379 | 1 Digimute | 1 Ogma Cms | 2019-09-23 | 3.5 LOW | 4.8 MEDIUM |
| Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. | |||||
| CVE-2019-14911 | 1 Prise | 1 Adas | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. | |||||
| CVE-2019-16664 | 1 Thinksaas | 1 Thinksaas | 2019-09-23 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. | |||||
| CVE-2019-16665 | 1 Thinksaas | 1 Thinksaas | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. | |||||
| CVE-2018-11200 | 1 Acquia | 1 Mautic | 2019-09-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. | |||||
| CVE-2015-9405 | 1 Wp-piwik Project | 1 Wp-piwik | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-piwik plugin before 1.0.5 for WordPress has XSS. | |||||
| CVE-2015-9404 | 1 Neuvoo | 1 Neuvoo-jobroll | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. | |||||
| CVE-2019-11559 | 1 Hrworks | 1 Hrworks | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. | |||||
| CVE-2015-9385 | 1 Bestwebsoft | 1 Quotes And Tips | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The quotes-and-tips plugin before 1.20 for WordPress has XSS. | |||||
| CVE-2019-16643 | 1 Zrlog | 1 Zrlog | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. | |||||
| CVE-2015-9397 | 1 Webmaster-source | 1 Gocodes | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. | |||||
| CVE-2015-9401 | 1 Websimon-tables Project | 1 Websimon-tables | 2019-09-20 | 3.5 LOW | 4.8 MEDIUM |
| The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. | |||||
| CVE-2015-9391 | 1 Ostenta | 1 Yawpp | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. | |||||
| CVE-2015-9386 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. | |||||
| CVE-2015-9396 | 1 Attosoft | 1 Auto Thickbox Plus | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. | |||||
| CVE-2019-15086 | 1 Prise | 1 Adas | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. | |||||
| CVE-2015-9407 | 1 Cyberseo | 1 Xpinner Lite | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. | |||||
| CVE-2015-9393 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. | |||||
| CVE-2015-9392 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. | |||||
| CVE-2016-10999 | 1 Momizat | 1 Goodnews | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. | |||||
| CVE-2016-11013 | 1 Agentevolution | 1 Impress Listings | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. | |||||
| CVE-2016-11012 | 1 Solaplugins | 1 Sola Support Tickets | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. | |||||
| CVE-2015-9389 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. | |||||
| CVE-2015-9384 | 1 Bestwebsoft | 1 Relevant | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The relevant plugin before 1.0.8 for WordPress has XSS. | |||||
| CVE-2016-11005 | 1 Elfsight | 1 Instalinker | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. | |||||
| CVE-2016-11001 | 1 Plugin-planet | 1 User Submitted Posts | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | |||||
| CVE-2016-10998 | 1 Ocimscripts | 1 Ocim-mp3 | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. | |||||
| CVE-2019-16525 | 1 Checklist | 1 Checklist | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. | |||||
| CVE-2018-18660 | 1 Arcserve | 1 Udp | 2019-09-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue. | |||||
| CVE-2019-16333 | 1 Get-simple | 1 Getsimple Cms | 2019-09-19 | 3.5 LOW | 5.4 MEDIUM |
| GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | |||||
