Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7869 | 1 Magento | 1 Magento | 2019-08-06 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups. | |||||
| CVE-2013-7474 | 1 Windu | 1 Windu Cms | 2019-08-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. | |||||
| CVE-2016-10851 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). | |||||
| CVE-2016-10854 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87). | |||||
| CVE-2018-20900 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399). | |||||
| CVE-2019-13387 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website. | |||||
| CVE-2019-14653 | 1 Ipandao | 1 Editor.md | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. | |||||
| CVE-2019-14517 | 1 Editor.md Project | 1 Editor.md | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| pandao Editor.md 1.5.0 allows XSS via the Javascript: string. | |||||
| CVE-2019-12475 | 1 Microstrategy | 1 Microstrategy Web | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. | |||||
| CVE-2019-14472 | 1 Zurmo | 1 Zurmo | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. | |||||
| CVE-2019-11199 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type. | |||||
| CVE-2017-18417 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). | |||||
| CVE-2017-18418 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). | |||||
| CVE-2017-18419 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). | |||||
| CVE-2017-18420 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | |||||
| CVE-2018-18570 | 1 Planonsoftware | 1 Planon | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Planon before Live Build 41 has XSS. | |||||
| CVE-2019-1010147 | 2 Bmc, Yellowfinbi | 2 Remedy Smart Reporting, Yellowfin Bi | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
| Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later. | |||||
| CVE-2019-12453 | 1 Microstrategy | 1 Microstrategy Web | 2019-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. | |||||
| CVE-2019-12345 | 1 Kibokolabs | 1 Hostel | 2019-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. | |||||
| CVE-2019-3958 | 1 Wallaceit | 1 Wallacepos | 2019-08-02 | 3.5 LOW | 5.4 MEDIUM |
| Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. | |||||
| CVE-2019-14471 | 1 Testlink | 1 Testlink | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| TestLink 1.9.19 has XSS via the error.php message parameter. | |||||
| CVE-2017-16807 | 1 Getkirby | 1 Panel | 2019-08-02 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file. | |||||
| CVE-2019-5926 | 1 Kinagacms Project | 1 Kinagacms | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-20901 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | |||||
| CVE-2018-20903 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). | |||||
| CVE-2018-20881 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). | |||||
| CVE-2018-20878 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441). | |||||
| CVE-2018-20877 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437). | |||||
| CVE-2018-20876 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434). | |||||
| CVE-2018-20875 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). | |||||
| CVE-2018-20884 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). | |||||
| CVE-2018-20910 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). | |||||
| CVE-2018-20915 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369). | |||||
| CVE-2018-20916 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370). | |||||
| CVE-2018-20918 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). | |||||
| CVE-2018-20919 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). | |||||
| CVE-2018-20920 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). | |||||
| CVE-2018-20921 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). | |||||
| CVE-2018-20922 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). | |||||
| CVE-2018-20923 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). | |||||
| CVE-2019-1020005 | 1 Inveniosoftware | 1 Invenio-communities | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| invenio-communities before 1.0.0a20 allows XSS. | |||||
| CVE-2019-13607 | 1 Opera | 1 Mini | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL. | |||||
| CVE-2019-1020003 | 1 Inveniosoftware | 1 Invenio-records | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| invenio-records before 1.2.2 allows XSS. | |||||
| CVE-2018-14037 | 1 Progress | 1 Kendo Ui | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions. | |||||
| CVE-2019-1020019 | 1 Inveniosoftware | 1 Invenio-previewer | 2019-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| invenio-previewer before 1.0.0a12 allows XSS. | |||||
| CVE-2019-1020008 | 1 Stacktable.js Project | 1 Stacktable.js | 2019-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| stacktable.js before 1.0.4 allows XSS. | |||||
| CVE-2019-14286 | 1 Misp | 1 Misp | 2019-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability. | |||||
| CVE-2019-10263 | 1 Ahsay | 1 Cloud Backup Suite | 2019-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account. | |||||
| CVE-2019-13414 | 1 Boiteasite | 1 Rencontre | 2019-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. | |||||
| CVE-2019-6002 | 1 Central Dogma Project | 1 Central Dogma | 2019-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
