Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7467 | 1 Simplemachines | 1 Simple Machines Forum | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. | |||||
| CVE-2017-2492 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling. | |||||
| CVE-2017-2549 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading. | |||||
| CVE-2017-7089 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. | |||||
| CVE-2017-7109 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy. | |||||
| CVE-2017-2445 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. | |||||
| CVE-2018-17413 | 1 Zzcms | 1 Zzcms | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. | |||||
| CVE-2018-17425 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-03-08 | 3.5 LOW | 5.4 MEDIUM |
| WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. | |||||
| CVE-2018-10428 | 1 Ilias | 1 Ilias | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. | |||||
| CVE-2018-8602 | 1 Microsoft | 1 Team Foundation Server | 2019-03-08 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team. | |||||
| CVE-2018-17421 | 1 Zrlog | 1 Zrlog | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. | |||||
| CVE-2018-17426 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-03-08 | 3.5 LOW | 5.4 MEDIUM |
| WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. | |||||
| CVE-2019-7660 | 1 Phpmywind | 1 Phpmywind | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php. | |||||
| CVE-2019-7661 | 1 Phpmywind | 1 Phpmywind | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2018-12090 | 1 Lamsfoundation | 1 Lams | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change. | |||||
| CVE-2019-0742 | 1 Microsoft | 1 Team Foundation Server | 2019-03-08 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0743. | |||||
| CVE-2019-0743 | 1 Microsoft | 1 Team Foundation Server | 2019-03-08 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0742. | |||||
| CVE-2018-12040 | 1 Sensiolabs | 1 Symfony | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)." | |||||
| CVE-2018-16808 | 1 Dolibarr | 1 Dolibarr | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. | |||||
| CVE-2019-8438 | 1 Dilicms | 1 Dilicms | 2019-03-08 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. | |||||
| CVE-2019-8440 | 1 Dilicms | 1 Dilicms | 2019-03-08 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. | |||||
| CVE-2019-8439 | 1 Dilicms | 1 Dilicms | 2019-03-08 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. | |||||
| CVE-2017-15515 | 1 Netapp | 1 Snapcenter Server | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. | |||||
| CVE-2019-9567 | 1 Wpmudev | 1 Forminator Contact Form, Poll & Quiz Builder | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | |||||
| CVE-2018-1000129 | 1 Jolokia | 1 Jolokia | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser. | |||||
| CVE-2016-6857 | 1 Sap | 1 Hybris | 2019-03-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field. | |||||
| CVE-2019-8278 | 1 Invisioncommunity | 1 Invision Power Board | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. | |||||
| CVE-2018-10059 | 1 Cacti | 1 Cacti | 2019-03-07 | 3.5 LOW | 5.4 MEDIUM |
| Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. | |||||
| CVE-2018-10752 | 1 Tagregator Project | 1 Tagregator | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action. | |||||
| CVE-2018-10118 | 1 Monstra | 1 Monstra | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. | |||||
| CVE-2016-7891 | 2 Adobe, Microsoft | 2 Robohelp, Windows | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks. | |||||
| CVE-2019-9606 | 1 Personal Video Collection Script Project | 1 Personal Video Collection Script | 2019-03-07 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature. | |||||
| CVE-2019-9595 | 1 Appcms | 1 Appcms | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter. | |||||
| CVE-2018-19554 | 1 Dotcms | 1 Dotcms | 2019-03-06 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp. | |||||
| CVE-2019-6228 | 1 Apple | 2 Iphone Os, Safari | 2019-03-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
| CVE-2019-9575 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2019-03-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS. | |||||
| CVE-2018-6882 | 1 Synacor | 1 Zimbra Collaboration Suite | 2019-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. | |||||
| CVE-2019-9570 | 1 Yzmcms | 1 Yzmcms | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. | |||||
| CVE-2018-5672 | 1 Booking Calendar Project | 1 Booking Calendar | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter. | |||||
| CVE-2018-5666 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter. | |||||
| CVE-2018-5671 | 1 Booking Calendar Project | 1 Booking Calendar | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter. | |||||
| CVE-2018-5670 | 1 Booking Calendar Project | 1 Booking Calendar | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter. | |||||
| CVE-2018-5663 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter. | |||||
| CVE-2018-5662 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title parameter. | |||||
| CVE-2018-5665 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter. | |||||
| CVE-2018-5664 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php social_icon_1 parameter. | |||||
| CVE-2018-5660 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_sub_title parameter. | |||||
| CVE-2018-5661 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_width parameter. | |||||
| CVE-2018-5659 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter. | |||||
| CVE-2018-5657 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2019-03-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter. | |||||
