Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20866 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). | |||||
| CVE-2018-20868 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). | |||||
| CVE-2018-19280 | 1 Centreon | 1 Centreon | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. | |||||
| CVE-2018-19311 | 1 Centreon | 1 Centreon | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | |||||
| CVE-2015-7672 | 1 Centreon | 1 Centreon | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). | |||||
| CVE-2019-14406 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | |||||
| CVE-2018-20865 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | |||||
| CVE-2019-14387 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | |||||
| CVE-2019-14386 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | |||||
| CVE-2019-14390 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | |||||
| CVE-2019-14329 | 1 Espocrm | 1 Espocrm | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code. | |||||
| CVE-2019-14330 | 1 Espocrm | 1 Espocrm | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code. | |||||
| CVE-2019-14331 | 1 Espocrm | 1 Espocrm | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code. | |||||
| CVE-2019-14349 | 1 Espocrm | 1 Espocrm | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user opens a page of any profile with this. | |||||
| CVE-2019-14350 | 1 Espocrm | 1 Espocrm | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation. | |||||
| CVE-2019-12970 | 1 Squirrelmail | 1 Squirrelmail | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element. | |||||
| CVE-2019-14298 | 1 Veeam | 1 One Reporter | 2019-07-29 | 3.5 LOW | 5.4 MEDIUM |
| Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx. | |||||
| CVE-2019-14297 | 1 Veeam | 1 One Reporter | 2019-07-29 | 3.5 LOW | 5.4 MEDIUM |
| Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx. | |||||
| CVE-2019-1010207 | 1 Genetechsolutions | 1 Pie Register | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16. | |||||
| CVE-2017-3848 | 1 Cisco | 1 Prime Infrastructure | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0). | |||||
| CVE-2017-6699 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B). | |||||
| CVE-2019-11715 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
| CVE-2019-7954 | 1 Adobe | 1 Experience Manager | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user. | |||||
| CVE-2019-9230 | 1 Audiocodes | 8 Mediant 500-mbsr, Mediant 500-mbsr Firmware, Mediant 500l-msbr and 5 more | 2019-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2019-13977 | 1 Ovidentia | 1 Ovidentia | 2019-07-27 | 3.5 LOW | 5.4 MEDIUM |
| index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=. | |||||
| CVE-2019-1010193 | 1 Hisiphp | 1 Hisiphp | 2019-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2019-11701 | 1 Mozilla | 1 Firefox | 2019-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. *Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.*. This vulnerability affects Firefox < 67. | |||||
| CVE-2015-7666 | 1 Codepeople | 1 Payment Form For Paypal Pro | 2019-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter. | |||||
| CVE-2019-3591 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2019-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI. | |||||
| CVE-2019-1010199 | 1 Servicestack | 1 Servicestack | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and If Browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0. | |||||
| CVE-2019-1010113 | 1 Premiumsoftware | 1 Cleditor | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element. | |||||
| CVE-2018-18670 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter. | |||||
| CVE-2018-18673 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter. | |||||
| CVE-2018-18675 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter. | |||||
| CVE-2018-18671 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter. | |||||
| CVE-2018-18669 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter. | |||||
| CVE-2018-18672 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter. | |||||
| CVE-2018-18676 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter. | |||||
| CVE-2019-3414 | 1 Zte | 2 Otcp, Otcp Firmware | 2019-07-25 | 2.3 LOW | 4.8 MEDIUM |
| All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front end does not process the returned result from the interface properly, the malicious script may be executed and the user cookie or other important information may be stolen. | |||||
| CVE-2019-12537 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. | |||||
| CVE-2019-12595 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. | |||||
| CVE-2019-12596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType. | |||||
| CVE-2019-12597 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName. | |||||
| CVE-2018-0511 | 1 Meowapps | 1 Wp Retina 2x | 2019-07-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-13029 | 1 Vanderbilt | 1 Redcap | 2019-07-24 | 3.5 LOW | 4.8 MEDIUM |
| Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser. | |||||
| CVE-2018-17024 | 1 Monstra | 1 Monstra | 2019-07-23 | 3.5 LOW | 4.8 MEDIUM |
| admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action. | |||||
| CVE-2019-12927 | 1 Mailenable | 1 Mailenable | 2019-07-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability. | |||||
| CVE-2019-13643 | 1 Espocrm | 1 Espocrm | 2019-07-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page. | |||||
| CVE-2019-1010235 | 1 Frog Cms Project | 1 Frog Cms | 2019-07-23 | 3.5 LOW | 5.4 MEDIUM |
| Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets. | |||||
| CVE-2019-1010287 | 1 Timesheet Next Gen Project | 1 Timesheet Next Gen | 2019-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url. | |||||