Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8334 | 1 Schoolcms | 1 Schoolcms | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS]. | |||||
| CVE-2019-8335 | 1 Schoolcms | 1 Schoolcms | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS]. | |||||
| CVE-2019-7748 | 1 Dbninja | 1 Dbninja | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| _includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. | |||||
| CVE-2019-7693 | 1 Axiositalia | 1 Registro Elettronico | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation. | |||||
| CVE-2015-5347 | 1 Apache | 1 Wicket | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title. | |||||
| CVE-2019-7753 | 1 Verydows | 1 Verydows | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. | |||||
| CVE-2019-3923 | 1 Tenable | 1 Nessus | 2019-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue. | |||||
| CVE-2018-12241 | 1 Symantec | 1 Security Analytics | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application. | |||||
| CVE-2019-7677 | 1 Enphase | 1 Envoy | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | |||||
| CVE-2018-20778 | 1 Frog Cms Project | 1 Frog Cms | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | |||||
| CVE-2018-20774 | 1 Frog Cms Project | 1 Frog Cms | 2019-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | |||||
| CVE-2018-20777 | 1 Frog Cms Project | 1 Frog Cms | 2019-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | |||||
| CVE-2013-1937 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable." | |||||
| CVE-2019-7545 | 1 Dbninja | 1 Dbninja | 2019-02-08 | 3.5 LOW | 5.4 MEDIUM |
| In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. | |||||
| CVE-2019-7544 | 1 Mywebsql | 1 Mywebsql | 2019-02-07 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. | |||||
| CVE-2018-17193 | 1 Apache | 1 Nifi | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2019-7567 | 1 Bijiadao | 1 Waimai Super Cms | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. | |||||
| CVE-2018-1000998 | 1 Freebsd | 1 Cvsweb | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x. | |||||
| CVE-2019-7543 | 1 Kindsoft | 1 Kindeditor | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7546 | 1 Topnew | 1 Sidu | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7547 | 1 Topnew | 1 Sidu | 2019-02-07 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS. | |||||
| CVE-2018-20757 | 1 Modx | 1 Modx Revolution | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | |||||
| CVE-2018-20756 | 1 Modx | 1 Modx Revolution | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | |||||
| CVE-2018-20755 | 1 Modx | 1 Modx Revolution | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | |||||
| CVE-2019-1000024 | 1 Opt-net | 1 Ng-netms | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result in Cross-site scripting.This attack appear to be exploitable via network connectivity. | |||||
| CVE-2019-1000004 | 1 Jspmyadmin | 1 Jspmyadmin2 | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren't properly sanitized and allow code injection (Cross-Site Scripting). This attack appears to be exploitable via the payload needs to be stored in the database and the victim must see the db value in question. | |||||
| CVE-2019-6591 | 1 F5 | 1 Big-ip Access Policy Manager | 2019-02-06 | 3.5 LOW | 5.4 MEDIUM |
| On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. | |||||
| CVE-2019-1000010 | 1 Phpipam | 1 Phpipam | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4. | |||||
| CVE-2019-7349 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | |||||
| CVE-2019-7348 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted. | |||||
| CVE-2019-7345 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 3.5 LOW | 4.8 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php. | |||||
| CVE-2019-7344 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration. | |||||
| CVE-2019-7343 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | |||||
| CVE-2019-7342 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted. | |||||
| CVE-2019-7341 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | |||||
| CVE-2019-7340 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted. | |||||
| CVE-2019-7339 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted. | |||||
| CVE-2019-7336 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. | |||||
| CVE-2019-7337 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 3.5 LOW | 4.8 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. | |||||
| CVE-2019-7335 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value. | |||||
| CVE-2019-7338 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration. | |||||
| CVE-2019-7334 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted. | |||||
| CVE-2019-7333 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted. | |||||
| CVE-2019-7332 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. | |||||
| CVE-2019-7328 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. | |||||
| CVE-2019-7327 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. | |||||
| CVE-2019-7329 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. | |||||
| CVE-2019-7330 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. | |||||
| CVE-2019-7331 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack. | |||||
| CVE-2019-7352 | 1 Zoneminder | 1 Zoneminder | 2019-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code. | |||||