Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 20468 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10420 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload.
CVE-2020-10439 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload.
CVE-2020-10402 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload.
CVE-2020-10408 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload.
CVE-2020-10438 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload.
CVE-2020-10405 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload.
CVE-2020-10445 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload.
CVE-2020-10409 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload.
CVE-2020-10427 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload.
CVE-2020-10437 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload.
CVE-2020-10428 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload.
CVE-2020-10449 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload.
CVE-2020-10404 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload.
CVE-2020-10436 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload.
CVE-2020-10435 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload.
CVE-2020-10434 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload.
CVE-2020-10433 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload.
CVE-2020-10432 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload.
CVE-2020-10446 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload.
CVE-2020-10431 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload.
CVE-2020-10403 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload.
CVE-2020-10397 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload.
CVE-2020-10392 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload.
CVE-2020-10393 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload.
CVE-2020-10398 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload.
CVE-2020-10399 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload.
CVE-2020-10400 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload.
CVE-2020-10391 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload.
CVE-2020-10388 1 Chadhaajay 1 Phpkb 2020-03-26 4.3 MEDIUM 6.1 MEDIUM
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php).
CVE-2020-10394 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload.
CVE-2020-10396 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload.
CVE-2020-10395 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload.
CVE-2020-10401 1 Chadhaajay 1 Phpkb 2020-03-26 3.5 LOW 4.8 MEDIUM
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload.
CVE-2020-5552 1 Mailform 1 Mailform 2020-03-25 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-13389 1 Rainloop 1 Webmail 2020-03-25 4.3 MEDIUM 6.1 MEDIUM
RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header.
CVE-2020-10385 1 Wpforms 1 Contact Form 2020-03-25 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
CVE-2020-10681 1 Cmsmadesimple 1 Cms Made Simple 2020-03-25 3.5 LOW 5.4 MEDIUM
The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
CVE-2019-10179 2 Dogtagpki, Redhat 2 Dogtagpki, Enterprise Linux 2020-03-25 4.3 MEDIUM 6.1 MEDIUM
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
CVE-2019-10221 2 Dogtagpki, Redhat 2 Dogtagpki, Enterprise Linux 2020-03-25 4.3 MEDIUM 6.1 MEDIUM
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
CVE-2020-1696 2 Dogtagpki, Redhat 2 Dogtagpki, Certificate System 2020-03-25 3.5 LOW 5.4 MEDIUM
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
CVE-2019-4681 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Tivoli Netcool\/impact, Linux Kernel and 2 more 2020-03-25 4.3 MEDIUM 6.1 MEDIUM
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734.
CVE-2019-13463 1 Quantumcloud 1 Simple Link Directory 2020-03-24 4.3 MEDIUM 6.1 MEDIUM
An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement.
CVE-2019-10178 1 Dogtagpki 1 Dogtagpki 2020-03-24 4.3 MEDIUM 6.1 MEDIUM
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
CVE-2019-15539 1 Mantisbt 1 Mantisbt 2020-03-24 4.3 MEDIUM 6.1 MEDIUM
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page.
CVE-2020-7481 1 Schneider-electric 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more 2020-03-24 4.3 MEDIUM 6.1 MEDIUM
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.
CVE-2020-7482 1 Schneider-electric 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more 2020-03-24 4.3 MEDIUM 6.1 MEDIUM
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.
CVE-2019-4718 1 Ibm 1 Jazz For Service Management 2020-03-24 3.5 LOW 5.4 MEDIUM
IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123.
CVE-2020-10821 1 Nagios 1 Nagios Xi 2020-03-23 3.5 LOW 4.8 MEDIUM
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.
CVE-2020-10820 1 Nagios 1 Nagios Xi 2020-03-23 3.5 LOW 4.8 MEDIUM
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.
CVE-2020-10819 1 Nagios 1 Nagios Xi 2020-03-23 3.5 LOW 4.8 MEDIUM
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.