Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19903 | 1 Xsltcms.org Project | 1 Xsltcms.org | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field. | |||||
| CVE-2018-19507 | 1 Cmsimple | 1 Cmsimple | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
| CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI. | |||||
| CVE-2018-19844 | 1 Frogcms Project | 1 Frogcms | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
| FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. | |||||
| CVE-2018-17302 | 1 Espocrm | 1 Espocrm | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. | |||||
| CVE-2018-19845 | 1 Get-simple | 1 Getsimple Cms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. | |||||
| CVE-2018-19901 | 1 No-cms Project | 1 No-cms | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
| No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. | |||||
| CVE-2018-19902 | 1 No-cms Project | 1 No-cms | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
| No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. | |||||
| CVE-2018-19918 | 1 Cuppacms | 1 Cuppacms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. | |||||
| CVE-2018-19600 | 1 Rhymix | 1 Rhymix | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
| Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | |||||
| CVE-2018-17301 | 1 Espocrm | 1 Espocrm | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. | |||||
| CVE-2019-9142 | 1 B3log | 1 Symphony | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java. | |||||
| CVE-2018-19906 | 1 Razorcms | 1 Razorcms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. | |||||
| CVE-2019-9078 | 1 Zzcms | 1 Zzcms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. | |||||
| CVE-2018-18692 | 1 Semcosoft | 1 Semcosoft | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form. | |||||
| CVE-2019-9108 | 1 Wuzhicms | 1 Wuzhicms | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. | |||||
| CVE-2019-9109 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. | |||||
| CVE-2019-9110 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. | |||||
| CVE-2019-9107 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. | |||||
| CVE-2019-9066 | 1 Php Appointment Booking Script Project | 1 Php Appointment Booking Script | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | |||||
| CVE-2018-20791 | 1 Tecrail | 1 Responsive Filemanager | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action. | |||||
| CVE-2019-9016 | 1 Mopcms | 1 Mopcms | 2019-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI. | |||||
| CVE-2019-5727 | 1 Splunk | 1 Splunk | 2019-02-22 | 3.5 LOW | 5.4 MEDIUM |
| Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. | |||||
| CVE-2019-8983 | 1 Altn | 1 Mdaemon | 2019-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). | |||||
| CVE-2019-8984 | 1 Altn | 1 Mdaemon | 2019-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). | |||||
| CVE-2018-12409 | 1 Tibco | 1 Silver Fabric | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1. | |||||
| CVE-2016-0926 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework. | |||||
| CVE-2019-1000015 | 1 Chamilo | 1 Chamilo Lms | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies. A ticket can be created with a XSS payload in the subject field. This attack appears to be exploitable via <svg/onload=alert(1)> as the payload user on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03. | |||||
| CVE-2019-8435 | 1 Phpmywind | 1 Phpmywind | 2019-02-20 | 3.5 LOW | 4.8 MEDIUM |
| admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | |||||
| CVE-2019-8400 | 1 Ory | 1 Hydra | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. | |||||
| CVE-2019-0254 | 1 Sap | 1 Disclosure Management | 2019-02-20 | 3.5 LOW | 5.4 MEDIUM |
| SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0262 | 1 Sap | 1 Businessobjects Bi Platform | 2019-02-19 | 3.5 LOW | 5.4 MEDIUM |
| SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0251 | 1 Sap | 1 Businessobjects | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-8419 | 1 Vnote Project | 1 Vnote | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| VNote 2.2 has XSS via a new text note. | |||||
| CVE-2019-8935 | 1 O-dyn | 1 Collabtive | 2019-02-19 | 3.5 LOW | 5.4 MEDIUM |
| Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. | |||||
| CVE-2019-8436 | 1 Txjia | 1 Imcat | 2019-02-19 | 3.5 LOW | 5.4 MEDIUM |
| imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. | |||||
| CVE-2019-8911 | 1 Wtcms Project | 1 Wtcms | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code). | |||||
| CVE-2019-8425 | 1 Zoneminder | 1 Zoneminder | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. | |||||
| CVE-2019-8426 | 1 Zoneminder | 1 Zoneminder | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. | |||||
| CVE-2019-8434 | 1 Cmseasy | 1 Cmseasy | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. | |||||
| CVE-2019-8432 | 1 Cmseasy | 1 Cmseasy | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. | |||||
| CVE-2019-8363 | 1 Verydows | 1 Verydows | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | |||||
| CVE-2019-8361 | 1 Responsive Video News Script Project | 1 Responsive Video News Script | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | |||||
| CVE-2018-6906 | 1 Rainmachine | 1 Rainmachine Web Application | 2019-02-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. | |||||
| CVE-2018-13403 | 1 Atlassian | 1 Jira | 2019-02-14 | 3.5 LOW | 5.4 MEDIUM |
| The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard. | |||||
| CVE-2019-6589 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. | |||||
| CVE-2019-7742 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | |||||
| CVE-2019-7740 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | |||||
| CVE-2019-7741 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | |||||
| CVE-2019-7744 | 1 Joomla | 1 Joomla\! | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | |||||
| CVE-2015-7520 | 1 Apache | 1 Wicket | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element. | |||||