Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-9344 | 1 Atlassian | 1 Subversion Application Lifecycle Management | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM | Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations. |
| CVE-2019-16010 | 1 Cisco | 12 Isr1100-4g, Isr1100-4gltegb, Isr1100-4gltena and 9 more | 2020-03-23 | 3.5 LOW | 4.8 MEDIUM | A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. |
| CVE-2020-10667 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version. |
| CVE-2020-10668 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version. |
| CVE-2020-10670 | 1 Canon | 2 Oce Colorwave 500, Oce Colorwave 500 Firmware | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM | The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version. |
| CVE-2020-7006 | 1 Systech | 4 Nds-5000, Nds-5000 Firmware, Nds\/5008rm and 1 more | 2020-03-23 | 6.0 MEDIUM | 8.4 HIGH | Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. |
| CVE-2019-19336 | 2 Ovirt, Redhat | 2 Ovirt-engine, Virtualization | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session. |
| CVE-2019-15124 | 1 Mediawiki | 1 Mobilefrontend | 2020-03-23 | 4.3 MEDIUM | 6.1 MEDIUM | In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33. |
| CVE-2019-16070 | 1 Netsas | 1 Enigma Network Management Solution | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM | A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs. |
| CVE-2019-20513 | 1 Edx | 1 Open Edx | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM | Open edX Ironwood.1 allows support/certificates?user= reflected XSS. |
| CVE-2019-16069 | 1 Netsas | 1 Enigma Network Management Solution | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM | A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol. |
| CVE-2019-19851 | 1 Sangoma | 1 Freepbx | 2020-03-20 | 3.5 LOW | 4.8 MEDIUM | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20. |
| CVE-2019-10146 | 2 Dogtagpki, Redhat | 2 Dogtagpki, Enterprise Linux | 2020-03-20 | 2.6 LOW | 4.7 MEDIUM | A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser. |
| CVE-2009-1879 | 1 Adobe | 1 Flex Sdk | 2020-03-20 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string. |
| CVE-2020-9443 | 1 Zulipchat | 1 Zulip Desktop | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM | Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82. |
| CVE-2019-19381 | 1 Abacus | 1 Abacus | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM | oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 before prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message. |
| CVE-2019-20525 | 1 Igniterealtime | 1 Openfire | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. |
| CVE-2019-20526 | 1 Igniterealtime | 1 Openfire | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter. |
| CVE-2019-20528 | 1 Igniterealtime | 1 Openfire | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. |
| CVE-2019-19198 | 1 Scoutnet | 1 Kalender | 2020-03-19 | 3.5 LOW | 5.4 MEDIUM | The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. |
| CVE-2019-14884 | 1 Moodle | 1 Moodle | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS is possible from some fatal error messages. |
| CVE-2020-7258 | 1 Mcafee | 1 Network Security Manager | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM | Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. |
| CVE-2020-7256 | 1 Mcafee | 1 Network Security Manager | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM | Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. |
| CVE-2019-20527 | 1 Igniterealtime | 1 Openfire | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter. |
| CVE-2020-6646 | 1 Fortinet | 1 Fortiweb | 2020-03-19 | 3.5 LOW | 5.4 MEDIUM | An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. |
| CVE-2019-19461 | 1 Teampasswordmanager | 1 Team Password Manager | 2020-03-19 | 3.5 LOW | 5.4 MEDIUM | Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title. |
| CVE-2019-20521 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI. |
| CVE-2019-20520 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI. |
| CVE-2019-20515 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI. |
| CVE-2019-20516 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI. |
| CVE-2019-20517 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. |
| CVE-2019-20518 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. |
| CVE-2019-20519 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. |
| CVE-2019-20514 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI. |
| CVE-2019-12367 | 1 Blixhq | 1 Bluemail | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. |
| CVE-2019-12366 | 1 9folders | 1 Nine | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. |
| CVE-2019-12369 | 1 Typeapp | 1 Typeapp | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. |
| CVE-2019-12368 | 1 Edison | 1 Edison Mail | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. |
| CVE-2019-12365 | 1 Cloudmagic | 1 Newton | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. |
| CVE-2019-12370 | 1 Readdle | 1 Spark | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. |
| CVE-2019-20497 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 3.5 LOW | 5.4 MEDIUM | cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533). |
| CVE-2019-20512 | 1 Open.edx | 1 Ironwood | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS. |
| CVE-2019-19615 | 1 Sangoma | 1 Freepbx | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM | Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account. |
| CVE-2019-19852 | 1 Sangoma | 1 Freepbx | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4. |
| CVE-2019-20524 | 1 Ilch | 1 Ilch Cms | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner parameter. |
| CVE-2019-20523 | 1 Ilch | 1 Ilch Cms | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name parameter. |
| CVE-2019-20522 | 1 Ilch | 1 Ilch Cms | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter. |
| CVE-2019-13198 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. |
| CVE-2020-10113 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515). |
| CVE-2020-10114 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535). |
