Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2580 | 1 Postieplugin | 1 Postie | 2020-01-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email. | |||||
| CVE-2019-17667 | 1 Comtechtel | 2 H8 Heights Remote Gateway, H8 Heights Remote Gateway Firmware | 2020-01-10 | 3.5 LOW | 5.4 MEDIUM |
| Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field. | |||||
| CVE-2016-6588 | 1 Symantec | 1 It Management Suite | 2020-01-10 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. | |||||
| CVE-2018-0576 | 1 Wp-events-plugin | 1 Events Manager | 2020-01-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4553 | 1 Spreadshirt-rss-3d-cube-flash-gallery Project | 1 Spreadshirt-rss-3d-cube-flash-gallery | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2013-3931 | 1 Jomres | 1 Jomres | 2020-01-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details. | |||||
| CVE-2013-0737 | 1 Boltwire | 1 Boltwire | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter. | |||||
| CVE-2013-1642 | 1 Quixplorer Project | 1 Quixplorer | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php. | |||||
| CVE-2019-16717 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.2 has XSS. | |||||
| CVE-2019-19311 | 1 Gitlab | 1 Gitlab | 2020-01-09 | 3.5 LOW | 5.4 MEDIUM |
| GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | |||||
| CVE-2013-7351 | 1 Shaarli Project | 1 Shaarli | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks. | |||||
| CVE-2019-15603 | 1 Seeftl Project | 1 Seeftl | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing. | |||||
| CVE-2019-14863 | 2 Angularjs, Redhat | 3 Angular.js, Decision Manager, Process Automation | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | |||||
| CVE-2019-10227 | 1 It-novum | 1 Openitcockpit | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found component. | |||||
| CVE-2020-5842 | 1 Codologic | 1 Codoforum | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page. | |||||
| CVE-2018-1253 | 1 Emc | 1 Rsa Authentication Manager | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser. | |||||
| CVE-2013-7062 | 1 Plone | 1 Plone | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. | |||||
| CVE-2013-6242 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions. | |||||
| CVE-2013-7485 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | |||||
| CVE-2013-7486 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | |||||
| CVE-2019-9554 | 1 Craftcms | 1 Craft Cms | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI. | |||||
| CVE-2019-20336 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS. | |||||
| CVE-2020-5305 | 1 Codologic | 1 Codoforum | 2020-01-08 | 3.5 LOW | 4.8 MEDIUM |
| Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. | |||||
| CVE-2019-20058 | 1 Boltcms | 1 Bolt | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040. | |||||
| CVE-2014-4544 | 1 Podcast Channels Project | 1 Podcast Channels | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php. | |||||
| CVE-2014-4539 | 1 Movies Project | 1 Movies | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. | |||||
| CVE-2014-4548 | 1 Ruven-toolkit Project | 1 Ruven-toolkit | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the Ruven Toolkit plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the popup parameter. | |||||
| CVE-2019-12186 | 1 Sylius | 2 Grid, Sylius | 2020-01-08 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the "string" field type. The contents are an object, with malicious code returned by the __toString() method of that object. | |||||
| CVE-2019-9556 | 1 Fiberhomegroup | 2 An5506-04-f, An5506-04-f Firmware | 2020-01-08 | 3.5 LOW | 5.4 MEDIUM |
| FiberHome an5506-04-f RP2669 devices have XSS. | |||||
| CVE-2020-5843 | 1 Codologic | 1 Codoforum | 2020-01-08 | 3.5 LOW | 4.8 MEDIUM |
| Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. | |||||
| CVE-2013-7071 | 1 Fibranet | 1 Monitorix | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2020-5393 | 1 Appspace | 1 On-prem | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS. | |||||
| CVE-2013-3936 | 1 Opsview | 2 Opsview, Opsview Core | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2019-19266 | 1 Icewarp | 1 Mail Server | 2020-01-08 | 3.5 LOW | 5.4 MEDIUM |
| IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. | |||||
| CVE-2019-19265 | 1 Icewarp | 1 Mail Server | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. | |||||
| CVE-2018-20490 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | |||||
| CVE-2018-20491 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | |||||
| CVE-2013-4744 | 1 Phpunit Project | 1 Phpunit | 2020-01-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the PHPUnit extension before 3.5.15 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-16780 | 1 Wordpress | 1 Wordpress | 2020-01-08 | 3.5 LOW | 5.4 MEDIUM |
| WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled. | |||||
| CVE-2019-16781 | 1 Wordpress | 1 Wordpress | 2020-01-08 | 3.5 LOW | 5.4 MEDIUM |
| In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS. | |||||
| CVE-2019-17672 | 1 Wordpress | 1 Wordpress | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. | |||||
| CVE-2019-17674 | 1 Wordpress | 1 Wordpress | 2020-01-08 | 3.5 LOW | 5.4 MEDIUM |
| WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | |||||
| CVE-2013-5637 | 1 Pqigroup | 2 Air Card, Air Card Firmware | 2020-01-08 | 3.5 LOW | 5.4 MEDIUM |
| PQI AirCard has persistent XSS | |||||
| CVE-2013-5638 | 1 Transcend-info | 2 Wifisd, Wifisd Firmware | 2020-01-08 | 3.5 LOW | 5.4 MEDIUM |
| Transcend WiFiSD 1.8 has persistent XSS | |||||
| CVE-2013-5658 | 1 Aultware | 1 Pwstore | 2020-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| AultWare pwStore 2010.8.30.0 has XSS | |||||
| CVE-2018-20496 | 1 Gitlab | 1 Gitlab | 2020-01-07 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | |||||
| CVE-2014-4558 | 1 Cybercompany | 1 Swipehq-payment-gateway-woocommerce | 2020-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. | |||||
| CVE-2015-6960 | 1 Edx | 1 Edx-platform | 2020-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| edx-platform before 2015-09-17 allows XSS via a team name. | |||||
| CVE-2014-4567 | 1 Videowhisper | 1 Video Comments Webcam Recorder | 2020-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_logout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116 for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2015-5593 | 1 Zenphoto | 1 Zenphoto | 2020-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>", or in an image tag, with the payload as the onerror event. | |||||
