Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9504 | 1 Weeklynews Theme Project | 1 Weeklynews Theme | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. | |||||
| CVE-2019-8084 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-8083 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2015-9503 | 1 Webmandesign | 1 Modern Theme | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier. | |||||
| CVE-2015-9502 | 1 Webmandesign | 1 Auberge Theme | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier. | |||||
| CVE-2011-4940 | 1 Python | 1 Python | 2019-10-25 | 2.6 LOW | N/A |
| The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. | |||||
| CVE-2019-18219 | 1 Sitemagic | 1 Sitemagic | 2019-10-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter. | |||||
| CVE-2019-18203 | 1 Ricoh | 2 Mp 501, Mp 501 Firmware | 2019-10-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2015-9500 | 1 Exquisite Ultimate Newspaper Project | 1 Exquisite Ultimate Newspaper | 2019-10-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js. | |||||
| CVE-2019-16975 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2015-9495 | 1 Syndication Links Project | 1 Syndication Links | 2019-10-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. | |||||
| CVE-2015-9494 | 1 Indieweb Post Kinds Project | 1 Indieweb Post Kinds | 2019-10-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier. | |||||
| CVE-2019-16983 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the URL args and reflected in HTML, leading to XSS. | |||||
| CVE-2019-16987 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-16982 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-16981 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | |||||
| CVE-2019-16989 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file app\conferences_active\conference_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-16984 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS. | |||||
| CVE-2019-16979 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-16973 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-17220 | 1 Rocket.chat | 1 Rocket.chat | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | |||||
| CVE-2019-5586 | 1 Fortinet | 1 Fortios | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests. | |||||
| CVE-2019-8089 | 1 Adobe | 1 Experience Manager Forms | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2015-9493 | 1 Nlb-creationst | 1 My Wish List | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues. | |||||
| CVE-2018-20758 | 1 Modx | 1 Modx Revolution | 2019-10-23 | 3.5 LOW | 5.4 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | |||||
| CVE-2019-16991 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-16988 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources\content.php uses an unsanitized "eavesdrop_dest" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | |||||
| CVE-2019-16970 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-16978 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | |||||
| CVE-2019-16972 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-16969 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-16974 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-16968 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. | |||||
| CVE-2019-16971 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | |||||
| CVE-2015-9501 | 1 Artificial Intelligence Project | 1 Artificial Intelligence | 2019-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root. | |||||
| CVE-2019-17114 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2019-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used. | |||||
| CVE-2019-17115 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2019-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displayed, unsanitized, on Logs.jsp. A remote attack can populate the rendered_message column with malicious values via: (1) H parameter to /wikid/servlet/com.wikidsystems.server.GetDomainHash (2) S parameter to: - /wikid/DomainData - /wikid/PreRegisterLookup - /wikid/PreRegister - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES (3) a parameter to: - /wikid/PreRegisterLookup - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES. | |||||
| CVE-2019-17116 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2019-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited. | |||||
| CVE-2019-12705 | 1 Cisco | 1 Telepresence Video Communication Server | 2019-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | |||||
| CVE-2019-17189 | 1 Totemo | 1 Totemodata | 2019-10-22 | 3.5 LOW | 5.4 MEDIUM |
| totemodata 3.0.0_b936 has XSS via a folder name. | |||||
| CVE-2014-8992 | 1 Modx | 1 Modx Revolution | 2019-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter. | |||||
| CVE-2014-8774 | 1 Modx | 1 Modx Revolution | 2019-10-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter. | |||||
| CVE-2019-15269 | 1 Cisco | 68 Amp 7150, Amp 7150 Firmware, Amp 8150 and 65 more | 2019-10-22 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2019-15268 | 1 Cisco | 68 Amp 7150, Amp 7150 Firmware, Amp 8150 and 65 more | 2019-10-22 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2019-15270 | 1 Cisco | 12 Firepower Management Center, Firepower Management Center 1000, Firepower Management Center 1600 and 9 more | 2019-10-22 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2019-18209 | 1 Etherpad | 1 Etherpad | 2019-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer. | |||||
| CVE-2019-8160 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2019-15280 | 1 Cisco | 1 Firepower Management Center | 2019-10-22 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are visible to other users. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2019-15281 | 1 Cisco | 1 Identity Services Engine Software | 2019-10-22 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2019-10715 | 1 Verodin | 1 Director | 2019-10-21 | 3.5 LOW | 5.4 MEDIUM |
| There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages. | |||||
