Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15314 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2019-08-28 | 3.5 LOW | 5.4 MEDIUM |
| tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. | |||||
| CVE-2019-15501 | 1 Lsoft | 1 Listserv | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | |||||
| CVE-2019-13274 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. | |||||
| CVE-2017-18590 | 1 Bestwebsoft | 1 Timesheet | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. | |||||
| CVE-2019-15644 | 1 Zoho | 1 Salesiq | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. | |||||
| CVE-2018-21001 | 1 Bologer | 1 Anycomment | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The anycomment plugin before 0.0.33 for WordPress has XSS. | |||||
| CVE-2019-15479 | 1 Status Board Project | 1 Status Board | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Status Board 1.1.81 has reflected XSS via dashboard.ts. | |||||
| CVE-2019-15227 | 1 Getflightpath | 1 Flightpath | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions. | |||||
| CVE-2019-15643 | 1 Etoilewebdesign | 1 Ultimate Faq | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | |||||
| CVE-2017-18540 | 1 Deepsoft | 1 Weblibrarian | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes. | |||||
| CVE-2018-6944 | 1 Ultimatemember | 1 Ultimate Member | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2018-6943 | 1 Ultimatemember | 1 Ultimatemember | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2018-19386 | 1 Solarwinds | 1 Database Performance Analyzer | 2019-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. | |||||
| CVE-2016-6858 | 1 Sap | 1 Hybris | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field. | |||||
| CVE-2019-14221 | 1 1crm | 1 1crm On-premise | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. | |||||
| CVE-2019-13476 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. | |||||
| CVE-2018-20986 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. | |||||
| CVE-2014-10377 | 1 Cformsii Project | 1 Cformsii | 2019-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. | |||||
| CVE-2019-15488 | 1 Igniterealtime | 1 Openfire | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. | |||||
| CVE-2019-15476 | 1 Former Project | 1 Former | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Former before 4.2.1 has XSS via a checkbox value. | |||||
| CVE-2019-15482 | 1 Selectize-plugin-a11y Project | 1 Selectize-plugin-a11y | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| selectize-plugin-a11y before 1.1.0 has XSS via the msg field. | |||||
| CVE-2019-3966 | 1 Open-emr | 1 Openemr | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | |||||
| CVE-2019-11584 | 1 Atlassian | 1 Jira | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority. | |||||
| CVE-2018-12101 | 1 Clippercms | 1 Clippercms | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. | |||||
| CVE-2019-14427 | 1 Webstudio | 1 Ultimate Loan Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code. | |||||
| CVE-2019-15487 | 1 Schoolexperience | 1 Department For Education School Experience | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| DfE School Experience before v16333-GA has XSS via a teacher training URL. | |||||
| CVE-2019-15492 | 1 It-novum | 1 Openitcockpit | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. | |||||
| CVE-2019-15489 | 1 Laracom | 1 Laracom | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. | |||||
| CVE-2019-15481 | 1 Kimai | 1 Kimai 2 | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kimai v2 before 1.1 has XSS via a timesheet description. | |||||
| CVE-2019-15477 | 1 Jooby | 1 Jooby | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jooby before 1.6.4 has XSS via the default error handler. | |||||
| CVE-2019-15486 | 1 Django Js Reverse Project | 1 Django Js Reserve | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. | |||||
| CVE-2019-15480 | 1 Domoticz | 1 Domoticz | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| Domoticz 4.10717 has XSS via item.Name. | |||||
| CVE-2014-10385 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. | |||||
| CVE-2013-7482 | 1 Reflex Gallery Project | 1 Reflex Gallery | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | |||||
| CVE-2019-15317 | 1 Impress | 1 Givewp | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| The give plugin before 2.4.7 for WordPress has XSS via a donor name. | |||||
| CVE-2019-15095 | 1 Diaowen | 1 Dwsurvey | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. | |||||
| CVE-2016-6154 | 2 Microsoft, Watchguard | 2 Windows, Fireware | 2019-08-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | |||||
| CVE-2019-15532 | 1 Gchq | 1 Cyberchef | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | |||||
| CVE-2017-18575 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues. | |||||
| CVE-2017-18572 | 1 Sir | 1 Gnucommerce | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gnucommerce plugin before 1.4.2 for WordPress has XSS. | |||||
| CVE-2019-15478 | 1 Status Board Project | 1 Status Board | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Status Board 1.1.81 has reflected XSS via logic.ts. | |||||
| CVE-2016-10920 | 1 Sir | 1 Gnucommerce | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | |||||
| CVE-2016-10919 | 1 Wassup Real Time Analytics Project | 1 Wassup Real Time Analytics | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. | |||||
| CVE-2018-20983 | 1 Meowapps | 1 Wp Retina 2x | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | |||||
| CVE-2017-18582 | 1 Time Sheets Project | 1 Time Sheets | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues. | |||||
| CVE-2019-5594 | 1 Fortinet | 1 Fortinac | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | |||||
| CVE-2019-0337 | 1 Sap | 1 Netweaver Process Integration | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability | |||||
| CVE-2019-0335 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack. | |||||
| CVE-2018-20975 | 1 Fatfreecrm | 1 Fat Free Crm | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb. | |||||
| CVE-2015-9336 | 1 Codection | 1 Clean Login | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The clean-login plugin before 1.5.1 for WordPress has reflected XSS. | |||||