Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16069 | 1 Netsas | 1 Enigma Network Management Solution | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through the SNMP protocol. | |||||
CVE-2019-19851 | 1 Sangoma | 1 Freepbx | 2020-03-20 | 3.5 LOW | 4.8 MEDIUM |
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta through 13.0.4.7, 14.x through 14.0.24, and 15.x through 15.0.2.20. | |||||
CVE-2009-1879 | 1 Adobe | 1 Flex Sdk | 2020-03-20 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
CVE-2020-9443 | 1 Zulipchat | 1 Zulip Desktop | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82. | |||||
CVE-2019-19381 | 1 Abacus | 1 Abacus | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message. | |||||
CVE-2019-20526 | 1 Igniterealtime | 1 Openfire | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter. | |||||
CVE-2019-20525 | 1 Igniterealtime | 1 Openfire | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. | |||||
CVE-2019-20528 | 1 Igniterealtime | 1 Openfire | 2020-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. | |||||
CVE-2019-19198 | 1 Scoutnet | 1 Kalender | 2020-03-19 | 3.5 LOW | 5.4 MEDIUM |
The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. | |||||
CVE-2019-14884 | 1 Moodle | 1 Moodle | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS was possible from some fatal error messages. | |||||
CVE-2020-7258 | 1 Mcafee | 1 Network Security Manager | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM |
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors. | |||||
CVE-2020-7256 | 1 Mcafee | 1 Network Security Manager | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM |
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors. | |||||
CVE-2019-20527 | 1 Igniterealtime | 1 Openfire | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter. | |||||
CVE-2020-6646 | 1 Fortinet | 1 Fortiweb | 2020-03-19 | 3.5 LOW | 5.4 MEDIUM |
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | |||||
CVE-2019-19461 | 1 Teampasswordmanager | 1 Team Password Manager | 2020-03-19 | 3.5 LOW | 5.4 MEDIUM |
Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title. | |||||
CVE-2019-20521 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI. | |||||
CVE-2019-20517 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. | |||||
CVE-2019-20520 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI. | |||||
CVE-2019-20519 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. | |||||
CVE-2019-20518 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. |