Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1356 | 1 Fortinet | 1 Fortisandbox | 2019-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component. | |||||
| CVE-2015-7711 | 1 Atutor | 1 Atutor | 2019-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. | |||||
| CVE-2019-10893 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-05-02 | 3.5 LOW | 4.8 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute. | |||||
| CVE-2015-7668 | 1 Easy2map | 1 Easy2map | 2019-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter. | |||||
| CVE-2016-8748 | 1 Apache | 1 Nifi | 2019-05-01 | 3.5 LOW | 5.4 MEDIUM |
| In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM. | |||||
| CVE-2015-9286 | 1 Nodebb | 1 Nodebb | 2019-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | |||||
| CVE-2019-11533 | 1 Projectsend | 1 Projectsend | 2019-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2015-9285 | 1 Esotalk | 1 Esotalk | 2019-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. | |||||
| CVE-2019-9955 | 1 Zyxel | 42 Atp200, Atp200 Firmware, Atp500 and 39 more | 2019-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. | |||||
| CVE-2017-18041 | 1 Atlassian | 1 Bamboo | 2019-04-30 | 3.5 LOW | 5.4 MEDIUM |
| The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release. | |||||
| CVE-2018-7447 | 1 Mojoportal | 1 Mojoportal | 2019-04-30 | 3.5 LOW | 4.8 MEDIUM |
| ** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts. | |||||
| CVE-2017-18039 | 1 Atlassian | 1 Jira | 2019-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter. | |||||
| CVE-2019-7211 | 1 Smartertools | 1 Smartermail | 2019-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment. | |||||
| CVE-2017-15869 | 1 Livezilla | 1 Livezilla | 2019-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter. | |||||
| CVE-2019-11592 | 1 Webidsupport | 1 Webid | 2019-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php. | |||||
| CVE-2018-12099 | 2 Grafana, Netapp | 3 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge | 2019-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | |||||
| CVE-2019-0186 | 1 Apache | 1 Pluto | 2019-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file | |||||
| CVE-2018-5124 | 1 Mozilla | 1 Firefox | 2019-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. | |||||
| CVE-2018-18276 | 1 Profiles Project | 1 Profiles | 2019-04-27 | 3.5 LOW | 4.8 MEDIUM |
| XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a new folder in the administrative panel. | |||||
| CVE-2018-15584 | 1 Gnuboard | 1 Gnuboard5 | 2019-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update.php and adm/boardgroup_list_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-15582 | 1 Gnuboard | 1 Gnuboard5 | 2019-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_write.php and adm/sms_admin/num_book_update.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-15581 | 1 Gnuboard | 1 Gnuboard5 | 2019-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-15580 | 1 Gnuboard | 1 Gnuboard5 | 2019-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-1413 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2019-04-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819. | |||||
| CVE-2019-11513 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-04-27 | 3.5 LOW | 4.8 MEDIUM |
| The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. | |||||
| CVE-2018-16220 | 1 Audiocodes | 2 405hd, 405hd Firmware | 2019-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller. | |||||
| CVE-2018-18643 | 1 Gitlab | 1 Gitlab | 2019-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. | |||||
| CVE-2017-18086 | 1 Atlassian | 1 Confluence | 2019-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | |||||
| CVE-2017-18084 | 1 Atlassian | 1 Confluence | 2019-04-26 | 3.5 LOW | 4.8 MEDIUM |
| The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | |||||
| CVE-2017-18085 | 1 Atlassian | 1 Confluence | 2019-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter. | |||||
| CVE-2017-18081 | 1 Atlassian | 1 Bamboo | 2019-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The signupUser resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the value of the csrf token cookie. | |||||
| CVE-2017-1567 | 1 Ibm | 1 Rational Doors | 2019-04-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769. | |||||
| CVE-2019-0218 | 1 Apache | 1 Pony Mail | 2019-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface. | |||||
| CVE-2019-7219 | 1 Zarafa | 1 Webaccess | 2019-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead. | |||||
| CVE-2017-17092 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-04-26 | 3.5 LOW | 5.4 MEDIUM |
| wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. | |||||
| CVE-2017-17094 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-04-26 | 3.5 LOW | 5.4 MEDIUM |
| wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | |||||
| CVE-2017-17093 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-04-26 | 3.5 LOW | 5.4 MEDIUM |
| wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. | |||||
| CVE-2017-1494 | 1 Ibm | 1 Business Process Manager | 2019-04-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692. | |||||
| CVE-2016-6810 | 1 Apache | 1 Activemq | 2019-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. | |||||
| CVE-2019-7438 | 1 Jio | 2 Jiofi 4g M2s, Jiofi 4g M2s Firmware | 2019-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. | |||||
| CVE-2017-18217 | 1 Invoiceplane | 1 Invoiceplane | 2019-04-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in InvoicePlane before 1.5.5. It was observed that the Email address and Web address parameters are vulnerable to Cross Site Scripting, related to application/modules/clients/views/view.php, application/modules/invoices/views/view.php, and application/modules/quotes/views/view.php. | |||||
| CVE-2014-8780 | 1 Jease | 1 Jease | 2019-04-25 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note. | |||||
| CVE-2018-16235 | 1 Telligent | 1 Community | 2019-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x before 10.1.10.11792, and 10.2.x before 10.2.3.4725 has XSS via the Feed RSS widget. | |||||
| CVE-2018-19917 | 1 Microweber | 1 Microweber | 2019-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2018-1328 | 1 Apache | 1 Zeppelin | 2019-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph". | |||||
| CVE-2019-11449 | 1 I-librarian | 1 I, Librarian | 2019-04-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| I, Librarian 4.10 has XSS via the notes.php notes parameter. | |||||
| CVE-2017-6533 | 1 Webpagetest Project | 1 Webpagetest | 2019-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/benchmarks/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-3872 | 1 Cisco | 1 Unified Communications Manager | 2019-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219). | |||||
| CVE-2019-11426 | 1 Idreamsoft | 1 Icms | 2019-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. | |||||
| CVE-2019-11427 | 1 Idreamsoft | 1 Icms | 2019-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. | |||||
