Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20627 | 1 Consumer Reviews Script Project | 1 Consumer Reviews Script | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box. | |||||
| CVE-2018-20859 | 1 Edx | 1 Edx-platform | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem. | |||||
| CVE-2018-1671 | 1 Ibm | 1 Curam Social Program Management | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951. | |||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | |||||
| CVE-2018-7724 | 1 Piwigo | 1 Piwigo | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible. | |||||
| CVE-2020-1573 | 1 Microsoft | 4 Sharepoint Designer, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1580. | |||||
| CVE-2020-1591 | 1 Microsoft | 1 Dynamics 365 | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | |||||
| CVE-2013-5612 | 7 Canonical, Fedoraproject, Mozilla and 4 more | 16 Ubuntu Linux, Fedora, Firefox and 13 more | 2020-08-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. | |||||
| CVE-2016-11085 | 1 Expresstech | 1 Quiz And Survey Master | 2020-08-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. | |||||
| CVE-2020-15781 | 1 Siemens | 2 Sicam A8000, Sicam A8000 Firmware | 2020-08-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application. | |||||
| CVE-2020-13183 | 1 Teradici | 1 Pcoip Management Console | 2020-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload. | |||||
| CVE-2020-3346 | 1 Cisco | 1 Unified Communications Manager | 2020-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | |||||
| CVE-2020-3464 | 1 Cisco | 1 Ucs Director | 2020-08-20 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need administrative credentials on the affected device. | |||||
| CVE-2020-15926 | 1 Rocket.chat | 1 Rocket.chat | 2020-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side. | |||||
| CVE-2017-17478 | 1 Pega | 1 Pega Platform | 2020-08-20 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages. | |||||
| CVE-2020-8774 | 1 Pega | 1 Pega Platform | 2020-08-20 | 6.8 MEDIUM | 8.8 HIGH |
| Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. | |||||
| CVE-2020-3463 | 1 Cisco | 1 Webex Meetings Online | 2020-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2018-1461 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2020-08-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140362. | |||||
| CVE-2019-6112 | 1 Graphpaperpress | 1 Sell Media | 2020-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). | |||||
| CVE-2019-7410 | 1 Galileo Cms Project | 1 Galileo Cms | 2020-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). | |||||