Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7339 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted. | |||||
| CVE-2019-7336 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. | |||||
| CVE-2019-7337 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 3.5 LOW | 4.8 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. | |||||
| CVE-2019-7335 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value. | |||||
| CVE-2019-7338 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration. | |||||
| CVE-2019-7334 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted. | |||||
| CVE-2019-7333 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted. | |||||
| CVE-2019-7332 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. | |||||
| CVE-2019-7328 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. | |||||
| CVE-2019-7327 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. | |||||
| CVE-2019-7329 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. | |||||
| CVE-2019-7330 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. | |||||
| CVE-2019-7331 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack. | |||||
| CVE-2015-1444 | 1 Fli4l | 1 Fli4l | 2019-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the (1) conntrack.cgi, (2) index.cgi, (3) log_syslog.cgi, (4) problems.cgi, (5) status.cgi, (6) status_network.cgi, or (7) status_system.cgi script in admin/. | |||||
| CVE-2019-7326 | 1 Zoneminder | 1 Zoneminder | 2019-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field. | |||||
| CVE-2019-7352 | 1 Zoneminder | 1 Zoneminder | 2019-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code. | |||||
| CVE-2019-7325 | 1 Zoneminder | 1 Zoneminder | 2019-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. | |||||
| CVE-2018-1000841 | 1 Zend | 1 Zendto | 2019-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zend.To version prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in the verify.php page that can result in an attacker executing arbitrary JavaScript code in the context of the victim's browser. This attack appears to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta. | |||||
| CVE-2018-19922 | 1 Actiontec | 2 C1000a, C1000a Firmware | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request. | |||||
| CVE-2018-19041 | 1 Media File Manager Project | 1 Media File Manager | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. | |||||
| CVE-2018-18940 | 1 Netscape | 1 Enterprise Server | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. | |||||
| CVE-2019-7295 | 1 Typora | 1 Typora | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. | |||||
| CVE-2019-7296 | 1 Typora | 1 Typora | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. | |||||
| CVE-2019-7250 | 1 Cross Reference Project | 1 Cross Reference | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin. | |||||
| CVE-2018-12611 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite 7.8.4 and earlier allows Directory Traversal. | |||||
| CVE-2018-19782 | 1 Freshrss | 1 Freshrss | 2019-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. | |||||
| CVE-2014-9716 | 1 Kogmbh | 1 Webodf | 2019-01-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name. | |||||
| CVE-2018-1000415 | 1 Rebuild Project | 1 Rebuild | 2019-01-30 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms. | |||||
| CVE-2018-20071 | 1 Google | 1 Chrome | 2019-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker-controlled files via a crafted HTML page. | |||||
| CVE-2018-20367 | 1 Wstmart | 1 Wstmart | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI. | |||||
| CVE-2019-6992 | 1 Zoneminder | 1 Zoneminder | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. | |||||
| CVE-2019-7172 | 1 Atutor | 1 Atutor | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | |||||
| CVE-2019-7168 | 1 Croogo | 1 Croogo | 2019-01-29 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. | |||||
| CVE-2019-7169 | 1 Croogo | 1 Croogo | 2019-01-29 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. | |||||
| CVE-2019-7170 | 1 Croogo | 1 Croogo | 2019-01-29 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. | |||||
| CVE-2019-7171 | 1 Croogo | 1 Croogo | 2019-01-29 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | |||||
| CVE-2019-7173 | 1 Croogo | 1 Croogo | 2019-01-29 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. | |||||
| CVE-2018-16084 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page. | |||||
| CVE-2019-6979 | 1 Ip History Logs Project | 1 Ip History Logs | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field. | |||||
| CVE-2019-6990 | 1 Zoneminder | 1 Zoneminder | 2019-01-29 | 3.5 LOW | 5.4 MEDIUM |
| A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. | |||||
| CVE-2018-19727 | 1 Adobe | 1 Experience Manager | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-19724 | 1 Adobe | 1 Experience Manager | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-19726 | 1 Adobe | 1 Experience Manager | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-6803 | 1 Typora | 1 Typora | 2019-01-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar. | |||||
| CVE-2015-9276 | 1 Smartertools | 1 Smartermail | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. | |||||
| CVE-2015-9281 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | |||||
| CVE-2019-6777 | 1 Zoneminder | 1 Zoneminder | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. | |||||
| CVE-2018-14846 | 1 Mondula | 1 Multi Step Form | 2019-01-24 | 3.5 LOW | 5.4 MEDIUM |
| The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php. | |||||
| CVE-2017-18358 | 1 Limesurvey | 1 Limesurvey | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel. | |||||
| CVE-2018-16199 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows a remote attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
