Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9605 | 1 Online Lottery Php Readymade Script Project | 1 Online Lottery Php Readymade Script | 2019-04-01 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. | |||||
| CVE-2017-1427 | 1 Ibm | 1 Cognos Analytics | 2019-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579. | |||||
| CVE-2019-9961 | 1 Wikindx Project | 1 Wikindx | 2019-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in resource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2019-10260 | 1 Totaljs | 1 Total.js Cms | 2019-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format). | |||||
| CVE-2019-10254 | 1 Misp | 1 Misp | 2019-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. | |||||
| CVE-2018-13134 | 1 Tp-link | 2 Archer C1200, Archer C1200 Firmware | 2019-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. | |||||
| CVE-2018-15585 | 1 Gnuboard5 Project | 1 Gnuboard5 | 2019-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | |||||
| CVE-2019-10238 | 1 Sitemagic | 1 Sitemagic | 2019-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter. | |||||
| CVE-2016-0782 | 1 Apache | 1 Activemq | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. | |||||
| CVE-2019-10118 | 1 Snipeitapp | 1 Snipe-it | 2019-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. | |||||
| CVE-2016-10744 | 1 Select2 | 1 Select2 | 2019-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data. | |||||
| CVE-2018-18845 | 1 Advanced Comment System Project | 1 Advanced Comment System | 2019-03-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued. | |||||
| CVE-2019-1571 | 1 Paloaltonetworks | 1 Expedition | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. | |||||
| CVE-2019-1570 | 1 Paloaltonetworks | 1 Expedition | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | |||||
| CVE-2019-7646 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | |||||
| CVE-2019-10105 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. | |||||
| CVE-2019-10107 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. | |||||
| CVE-2019-10106 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. | |||||
| CVE-2019-1569 | 1 Paloaltonetworks | 1 Expedition | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. | |||||
| CVE-2019-10010 | 1 Thephpleague | 1 Commonmark | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583. | |||||
| CVE-2018-7205 | 1 Kentico | 1 Kentico Cms | 2019-03-26 | 3.5 LOW | 4.8 MEDIUM |
| ** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout. | |||||
| CVE-2018-13104 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) | |||||
| CVE-2018-12652 | 1 Myadrenalin | 1 Adrenalin | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. | |||||
| CVE-2019-10027 | 1 Phpcms | 1 Phpcms | 2019-03-26 | 3.5 LOW | 4.8 MEDIUM |
| PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. | |||||
| CVE-2019-10016 | 1 Gforge | 1 Advanced Server | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. | |||||
| CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | |||||
| CVE-2019-7299 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php. | |||||
| CVE-2018-20640 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. | |||||
| CVE-2018-14724 | 1 Mybb | 1 Ban List | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM |
| In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page. | |||||
| CVE-2018-17167 | 1 Printeron | 1 Printeron | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM |
| PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration. | |||||
| CVE-2019-9650 | 1 Upcoming Events Project | 1 Upcoming Events | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event. | |||||
| CVE-2019-7223 | 1 Invoiceplane | 1 Invoiceplane | 2019-03-25 | 3.5 LOW | 5.4 MEDIUM |
| InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255. | |||||
| CVE-2018-10091 | 1 Audiocodes | 2 420hd Ip Phone, 420hd Ip Phone Firmware | 2019-03-25 | 3.5 LOW | 4.8 MEDIUM |
| AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS. | |||||
| CVE-2019-3480 | 1 Hp | 1 Arcsight Logger | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. | |||||
| CVE-2019-9093 | 1 Humhub | 1 Humhub | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS. | |||||
| CVE-2019-8938 | 1 Vertrigoserv Project | 1 Vertrigoserv | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. | |||||
| CVE-2019-9094 | 1 Humhub | 1 Humhub | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS. | |||||
| CVE-2018-20165 | 1 Opentext | 1 Opentext Portal | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. | |||||
| CVE-2018-19934 | 1 Solarwinds | 1 Serv-u Ftp Server | 2019-03-25 | 3.5 LOW | 4.8 MEDIUM |
| SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. | |||||
| CVE-2018-20639 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. | |||||
| CVE-2017-2475 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site. | |||||
| CVE-2019-9914 | 1 Yop-poll | 1 Yop-poll | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. | |||||
| CVE-2019-9911 | 1 Nextscripts | 1 Social Networks Auto-poster | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. | |||||
| CVE-2019-9910 | 1 King-theme | 1 Kingcomposer | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. | |||||
| CVE-2017-7038 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | |||||
| CVE-2019-9909 | 1 Givewp | 1 Give | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. | |||||
| CVE-2019-9908 | 1 Hivewebstudios | 1 Font Organizer | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. | |||||
| CVE-2019-7417 | 1 Ericsson | 1 Active Library Explorer | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. | |||||
| CVE-2019-7421 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. | |||||
| CVE-2019-7418 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. | |||||
