Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13950 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2019-07-19 | 3.5 LOW | 5.4 MEDIUM |
| index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment. | |||||
| CVE-2016-10763 | 1 Automattic | 1 Camptix Event Ticketing | 2019-07-18 | 3.5 LOW | 4.8 MEDIUM |
| The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body. | |||||
| CVE-2019-10017 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | |||||
| CVE-2019-13493 | 1 Sitecore | 1 Experience Platform | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript. | |||||
| CVE-2019-13448 | 1 Sertek | 1 Xpare | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients. | |||||
| CVE-2019-1076 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | |||||
| CVE-2019-1010307 | 1 Glpi-project | 1 Glpi | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User creates a ticket, 2- Admin opens another ticket and clicks on the "Link Tickets" feature, 3- a request to the endpoint fetches js and executes it. | |||||
| CVE-2018-9861 | 2 Ckeditor, Drupal | 2 Enhanced Image, Drupal | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element. | |||||
| CVE-2019-1010008 | 1 Openenergymonitor | 1 Emoncms | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible. | |||||
| CVE-2019-0281 | 1 Sap | 1 Openui5 | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-13346 | 1 Myt Project | 1 Myt | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MyT 1.5.1, the User[username] parameter has XSS. | |||||
| CVE-2019-13506 | 1 Nuxtjs | 2 @nuxt/devalue, Nuxt.js | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| @nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. | |||||
| CVE-2014-1223 | 1 Telligent | 1 Evolution | 2019-07-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-0362 | 1 Google | 1 Search Appliance Software | 2019-07-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element. | |||||
| CVE-2019-0326 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2019-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| In e107 v2.1.7, output without filtering results in XSS. | |||||
| CVE-2018-17960 | 1 Ckeditor | 1 Ckeditor | 2019-07-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. | |||||
| CVE-2019-12732 | 1 Chartkick Project | 1 Chartkick | 2019-07-17 | 2.6 LOW | 4.7 MEDIUM |
| The Chartkick gem through 3.1.0 for Ruby allows XSS. | |||||
| CVE-2019-1010005 | 1 Hexoeditor Project | 1 Hexoeditor | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| HexoEditor v1.1.8-beta is affected by: XSS to code execution. | |||||
| CVE-2019-13122 | 1 Ozlabs | 1 Patchwork | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix. | |||||
| CVE-2019-0870 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871. | |||||
| CVE-2019-0979 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872. | |||||
| CVE-2019-0874 | 1 Microsoft | 1 Azure Devops Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | |||||
| CVE-2019-0866 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. | |||||
| CVE-2019-0867 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. | |||||
| CVE-2019-0872 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979. | |||||
| CVE-2019-0868 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871. | |||||
| CVE-2019-0871 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870. | |||||
| CVE-2019-12471 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
| CVE-2018-19573 | 1 Gitlab | 1 Gitlab | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | |||||
| CVE-2018-19570 | 1 Gitlab | 1 Gitlab | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. | |||||
| CVE-2018-19574 | 1 Gitlab | 1 Gitlab | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM |
| GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | |||||
| CVE-2019-13505 | 1 Dwbooster | 1 Appointment Hour Booking | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. | |||||
| CVE-2019-12540 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field. | |||||
| CVE-2019-1010028 | 1 School College Portal With Erp Script Project | 1 School College Portal With Erp Script | 2019-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is: <img src=x onerror=alert(document.domain) />. | |||||
| CVE-2019-1010016 | 1 Dolibarr | 1 Dolibarr | 2019-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker. | |||||
| CVE-2019-0329 | 1 Sap | 1 Information Steward | 2019-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-13488 | 1 Trape Project | 1 Trape | 2019-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used. | |||||
| CVE-2018-17150 | 1 Intersystems | 1 Cache | 2019-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Intersystems Cache 2017.2.2.865.0 allows XSS. | |||||
| CVE-2019-1010003 | 1 Leanote | 1 Leanote | 2019-07-12 | 3.5 LOW | 6.1 MEDIUM |
| Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2019-1010314 | 1 Gitea | 1 Gitea | 2019-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page. | |||||
| CVE-2019-13562 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2019-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. | |||||
| CVE-2019-12748 | 1 Typo3 | 1 Typo3 | 2019-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. | |||||
| CVE-2018-13809 | 1 Siemens | 4 Cp 1604, Cp 1604 Firmware, Cp 1616 and 1 more | 2019-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
| CVE-2018-19579 | 1 Gitlab | 1 Gitlab | 2019-07-11 | 3.5 LOW | 5.4 MEDIUM |
| GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. | |||||
| CVE-2018-19493 | 1 Gitlab | 1 Gitlab | 2019-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding. | |||||
| CVE-2018-17147 | 1 Nagios | 1 Nagios Xi | 2019-07-11 | 3.5 LOW | 4.8 MEDIUM |
| Nagios XI before 5.5.4 has XSS in the auto login admin management page. | |||||
| CVE-2019-8920 | 1 Apachefriends | 1 Xampp | 2019-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. | |||||
| CVE-2012-0891 | 1 Puppet | 2 Puppet Dashboard, Puppet Enterprise | 2019-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. | |||||
| CVE-2017-6217 | 1 Paypal | 1 Adaptive Payments Sdk | 2019-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting in code execution. | |||||
