Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-20515 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI.
CVE-2019-20516 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI.
CVE-2019-20514 | 1 Frappe | 1 Erpnext | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.
CVE-2019-12366 | 1 9folders | 1 Nine | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.
CVE-2019-12368 | 1 Edison | 1 Edison Mail | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.
CVE-2019-12369 | 1 Typeapp | 1 Typeapp | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.
CVE-2019-12367 | 1 Blixhq | 1 Bluemail | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.
CVE-2019-12365 | 1 Cloudmagic | 1 Newton | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.
CVE-2019-12370 | 1 Readdle | 1 Spark | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.
CVE-2019-20497 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 3.5 LOW | 5.4 MEDIUM | cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
CVE-2019-20512 | 1 Open.edx | 1 Ironwood | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS.
CVE-2019-19615 | 1 Sangoma | 1 Freepbx | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM | Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account.
CVE-2019-19852 | 1 Sangoma | 1 Freepbx | 2020-03-19 | 3.5 LOW | 4.8 MEDIUM | An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.
CVE-2019-20524 | 1 Ilch | 1 Ilch Cms | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner parameter.
CVE-2019-20523 | 1 Ilch | 1 Ilch Cms | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name parameter.
CVE-2019-20522 | 1 Ilch | 1 Ilch Cms | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter.
CVE-2019-13198 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions.
CVE-2020-10113 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
CVE-2020-10114 | 1 Cpanel | 1 Cpanel | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
CVE-2019-20493 | 1 Cpanel | 1 Cpanel | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).