Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3149 | 2 Invisioncommunity, Invisionpower | 2 Invision Power Board, Ip.nexus | 2020-06-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2014-5106 | 1 Invisioncommunity | 1 Invision Power Board | 2020-06-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. | |||||
CVE-2010-3424 | 1 Invisioncommunity | 1 Invision Power Board | 2020-06-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2020-13762 | 1 Joomla | 1 Joomla! | 2020-06-03 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS. | |||||
CVE-2020-4023 | 1 Atlassian | 2 Crucible, Fisheye | 2020-06-02 | 4.3 MEDIUM | 5.4 MEDIUM |
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. | |||||
CVE-2019-11843 | 1 Mailpoet | 1 Mailpoet | 2020-06-02 | 4.3 MEDIUM | 6.1 MEDIUM |
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS). | |||||
CVE-2014-8944 | 1 Piwigo | 1 Lexiglot | 2020-06-02 | 3.5 LOW | 5.4 MEDIUM |
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | |||||
CVE-2020-4503 | 1 Ibm | 1 Planning Analytics Local | 2020-06-02 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283. | |||||
CVE-2020-4013 | 1 Atlassian | 2 Crucible, Fisheye | 2020-06-02 | 3.5 LOW | 5.4 MEDIUM |
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives. | |||||
CVE-2020-4360 | 1 Ibm | 1 Planning Analytics Local | 2020-06-02 | 3.5 LOW | 5.4 MEDIUM |
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765. | |||||
CVE-2020-4366 | 1 Ibm | 1 Planning Analytics Local | 2020-06-02 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965. | |||||
CVE-2020-4431 | 1 Ibm | 1 Planning Analytics Local | 2020-06-02 | 3.5 LOW | 5.4 MEDIUM |
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761. | |||||
CVE-2018-18545 | 1 Fiyo | 1 Fiyo Cms | 2020-06-02 | 4.3 MEDIUM | 6.1 MEDIUM |
Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | |||||
CVE-2020-13758 | 1 Bitrix | 1 Bitrix24 | 2020-06-02 | 4.3 MEDIUM | 6.1 MEDIUM |
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload. | |||||
CVE-2020-8035 | 1 Horde | 1 Groupware | 2020-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL. | |||||
CVE-2020-8034 | 1 Horde | 2 Gollem, Groupware | 2020-05-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL. | |||||
CVE-2018-18405 | 1 Jquery | 1 Jquery | 2020-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry. | |||||
CVE-2017-1000427 | 1 Marked Project | 1 Marked | 2020-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. | |||||
CVE-2020-4306 | 1 Ibm | 1 Planning Analytics Local | 2020-05-29 | 3.5 LOW | 5.4 MEDIUM |
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735. | |||||
CVE-2020-4419 | 1 Ibm | 1 Jazz Reporting Service | 2020-05-29 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180071. |