Total: 20468 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0698 | 1 Weseek | 1 Growi | 2019-01-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-16206 | 1 Ohtanz | 1 Spam-byebye | 2019-01-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-20682 | 1 Fork-cms | 1 Fork Cms | 2019-01-23 | 3.5 LOW | 5.4 MEDIUM |
| Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). | |||||
| CVE-2016-10737 | 1 S9y | 1 Serendipity | 2019-01-23 | 3.5 LOW | 5.4 MEDIUM |
| Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. | |||||
| CVE-2018-20731 | 1 Nedi | 1 Nedi | 2019-01-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php. | |||||
| CVE-2018-20729 | 1 Nedi | 1 Nedi | 2019-01-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php. | |||||
| CVE-2019-0646 | 1 Microsoft | 1 Team Foundation Server | 2019-01-22 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team. | |||||
| CVE-2019-6278 | 1 Jpress | 1 Jpress | 2019-01-18 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option. | |||||
| CVE-2019-6248 | 1 Citysearch / Hotfrog / Gelbeseiten Clone Script Project | 1 Citysearch / Hotfrog / Gelbeseiten Clone Script | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php. | |||||
| CVE-2018-16193 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2019-01-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-0238 | 1 Sap | 1 Hybris | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-16180 | 1 Daj | 1 I-filter | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-20524 | 1 Urlchatbox | 1 Chat Anywhere | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP). | |||||
| CVE-2019-0244 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2019-01-17 | 3.5 LOW | 5.4 MEDIUM |
| SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0245 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2019-01-17 | 3.5 LOW | 5.4 MEDIUM |
| SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-6267 | 1 Premiumwpsuite | 1 Easy Redirect Manager | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI. | |||||
| CVE-2018-1772 | 1 Ibm | 1 Spss Analytic Server | 2019-01-17 | 3.5 LOW | 5.4 MEDIUM |
| IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148689. | |||||
| CVE-2015-9279 | 1 Mailenable | 1 Mailenable | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | |||||
| CVE-2018-16164 | 1 Web-dorado | 1 Event Calendar Wd | 2019-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-16205 | 1 Weseek | 1 Growi | 2019-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal. | |||||
| CVE-2018-20703 | 1 Cubecart | 1 Cubecart | 2019-01-16 | 3.5 LOW | 5.4 MEDIUM |
| CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. | |||||
| CVE-2019-6243 | 1 Frog Cms Project | 1 Frog Cms | 2019-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). | |||||
| CVE-2018-1000413 | 1 Config File Provider Project | 1 Config File Provider | 2019-01-15 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins. | |||||
| CVE-2018-8827 | 1 Technicolor | 2 Tg789vac, Tg789vac Firmware | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS. | |||||
| CVE-2018-20326 | 1 Chinamobile | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter. | |||||
| CVE-2019-3501 | 1 Ougc Awards Project | 1 Ougc Awards | 2019-01-15 | 3.5 LOW | 4.8 MEDIUM |
| The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile. | |||||
| CVE-2018-20663 | 1 Haulmont | 2 Cuba Platform, Reporting | 2019-01-15 | 3.5 LOW | 5.4 MEDIUM |
| The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field. | |||||
| CVE-2018-20583 | 1 Thephpleague | 1 Commonmark | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt). | |||||
| CVE-2018-20594 | 1 Hsweb | 1 Hsweb | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java. | |||||
| CVE-2018-20368 | 1 Averta | 1 Master Slider | 2019-01-15 | 3.5 LOW | 5.4 MEDIUM |
| The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. | |||||
| CVE-2018-20369 | 1 Barracuda | 1 Message Archiver | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module. | |||||
| CVE-2016-10736 | 1 Devpups | 1 Social Pug | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter. | |||||
| CVE-2018-1000826 | 1 Microweber | 1 Microweber | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. | |||||
| CVE-2019-0556 | 1 Microsoft | 1 Sharepoint Server | 2019-01-15 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558. | |||||
| CVE-2019-0557 | 1 Microsoft | 1 Sharepoint Server | 2019-01-15 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558. | |||||
| CVE-2019-0558 | 1 Microsoft | 2 Business Productivity Servers, Sharepoint Server | 2019-01-15 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557. | |||||
| CVE-2018-14481 | 1 Osclass | 1 Osclass | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. | |||||
| CVE-2018-18005 | 1 Vivotek | 1 Camera | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter. | |||||
| CVE-2018-18244 | 1 Vivotek | 1 Camera | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. | |||||
| CVE-2018-19799 | 1 Dolibarr | 1 Dolibarr | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | |||||
| CVE-2018-16165 | 1 Jpcert | 1 Logontracer | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-20486 | 1 Metinfo | 1 Metinfo | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter. | |||||
| CVE-2018-19414 | 1 Plikli | 1 Plikli Cms | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php. | |||||
| CVE-2018-20379 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2019-01-14 | 2.6 LOW | 4.7 MEDIUM |
| Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001. | |||||
| CVE-2018-20373 | 1 Tendacn | 2 Adsl, Adsl Firmware | 2019-01-14 | 3.5 LOW | 5.4 MEDIUM |
| Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. | |||||
| CVE-2018-16173 | 1 Thimpress | 1 Learnpress | 2019-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-19924 | 1 Sales & Company Management System Project | 1 Sales & Company Management System | 2019-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address. | |||||
| CVE-2018-20680 | 1 Frog Cms Project | 1 Frog Cms | 2019-01-11 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | |||||
| CVE-2018-12672 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-11 | 3.5 LOW | 5.4 MEDIUM |
| The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. | |||||
| CVE-2018-20372 | 1 Tp-link | 2 Td-w8961nd, Td-w8961nd Firmware | 2019-01-11 | 3.5 LOW | 5.4 MEDIUM |
| TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | |||||
