Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7419 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. | |||||
| CVE-2019-7420 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. | |||||
| CVE-2019-7437 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. | |||||
| CVE-2018-20736 | 1 Wso2 | 1 Api Manager | 2019-03-25 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. | |||||
| CVE-2018-20737 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2019-03-25 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. | |||||
| CVE-2018-19694 | 1 Hms-networks | 16 Netbiter Ec150, Netbiter Ec150 Firmware, Netbiter Ec250 and 13 more | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form. | |||||
| CVE-2019-9912 | 1 Wpgmaps | 1 Wp Google Maps | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. | |||||
| CVE-2019-9913 | 1 Wp-livechat | 1 Wp Live Chat Support | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. | |||||
| CVE-2019-9925 | 1 S-cms | 1 S-cms | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. | |||||
| CVE-2019-7416 | 1 Opentext | 1 Documentum Webtop | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. | |||||
| CVE-2018-14486 | 1 Dnnsoftware | 1 Dotnetnuke | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | |||||
| CVE-2018-17997 | 1 Layerbb | 1 Layerbb | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| LayerBB 1.1.1 allows XSS via the titles of conversations (PMs). | |||||
| CVE-2019-7424 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903. | |||||
| CVE-2019-7423 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. | |||||
| CVE-2019-7422 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. | |||||
| CVE-2017-7059 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | |||||
| CVE-2017-2504 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands. | |||||
| CVE-2018-20141 | 1 Abantecart | 1 Abantecart | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring. | |||||
| CVE-2018-20212 | 1 Twiki | 1 Twiki | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter. | |||||
| CVE-2018-20140 | 1 Zenphoto | 1 Zenphoto | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters. | |||||
| CVE-2018-20632 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2019-03-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. | |||||
| CVE-2018-16519 | 1 Coyoapp | 1 Coyo | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets. | |||||
| CVE-2018-20121 | 1 Podcastgenerator | 1 Podcast Generator | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter. | |||||
| CVE-2018-12638 | 1 Bose | 1 Soundtouch | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. | |||||
| CVE-2018-19509 | 1 Ens | 1 Webgalamb | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. | |||||
| CVE-2018-19191 | 1 Webmin | 1 Webmin | 2019-03-21 | 3.5 LOW | 5.4 MEDIUM |
| Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | |||||
| CVE-2019-6600 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients. | |||||
| CVE-2018-1763 | 1 Ibm | 1 Rational Quality Manager | 2019-03-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148617. | |||||
| CVE-2018-1764 | 1 Ibm | 1 Rational Quality Manager | 2019-03-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148618. | |||||
| CVE-2018-1759 | 1 Ibm | 1 Rational Quality Manager | 2019-03-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148613. | |||||
| CVE-2017-1000015 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters | |||||
| CVE-2018-11343 | 1 Asustor | 1 Soundsgood | 2019-03-20 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter. | |||||
| CVE-2017-8550 | 1 Microsoft | 1 Office | 2019-03-19 | 4.3 MEDIUM | 5.4 MEDIUM |
| A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". | |||||
| CVE-2017-7985 | 1 Joomla | 1 Joomla\! | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | |||||
| CVE-2017-6562 | 1 Agora-project | 1 Agora-project | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. | |||||
| CVE-2017-6561 | 1 Agora-project | 1 Agora-project | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. | |||||
| CVE-2017-6559 | 1 Agora-project | 1 Agora-project | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. | |||||
| CVE-2019-6229 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2017-8551 | 1 Microsoft | 1 Project Server | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". | |||||
| CVE-2017-6814 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 3.5 LOW | 5.4 MEDIUM |
| In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. | |||||
| CVE-2017-5612 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. | |||||
| CVE-2017-6817 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 3.5 LOW | 5.4 MEDIUM |
| In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | |||||
| CVE-2017-6818 | 1 Wordpress | 1 Wordpress | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. | |||||
| CVE-2017-6560 | 1 Agora-project | 1 Agora-project | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. | |||||
| CVE-2017-5197 | 1 Silverstripe | 1 Silverstripe | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element. | |||||
| CVE-2017-6799 | 1 Mantisbt | 1 Mantisbt | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. | |||||
| CVE-2017-6797 | 1 Mantisbt | 1 Mantisbt | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. | |||||
| CVE-2017-5179 | 1 Tenable | 1 Nessus | 2019-03-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4585 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2019-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. | |||||
| CVE-2018-20806 | 1 Phamm | 1 Phamm | 2019-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter). | |||||