Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13200 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | |||||
| CVE-2020-10242 | 1 Joomla | 1 Joomla\! | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. | |||||
| CVE-2019-14512 | 1 Limesurvey | 1 Limesurvey | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php. | |||||
| CVE-2019-19210 | 1 Dolibarr | 1 Dolibarr | 2020-03-18 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. | |||||
| CVE-2019-19211 | 1 Dolibarr | 1 Dolibarr | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. | |||||
| CVE-2018-10125 | 1 Contao | 1 Contao | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Contao before 4.5.7 has XSS in the system log. | |||||
| CVE-2020-6586 | 1 Nagios | 1 Nagios | 2020-03-18 | 3.5 LOW | 5.4 MEDIUM |
| Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered. | |||||
| CVE-2019-13167 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | |||||
| CVE-2020-10196 | 1 Sygnoos | 1 Popup-builder | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications. | |||||
| CVE-2019-18578 | 1 Dell | 1 Xtremio Management Server | 2020-03-18 | 6.0 MEDIUM | 9.0 CRITICAL |
| Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2019-3769 | 1 Dell | 1 Wyse Management Suite | 2020-03-18 | 3.5 LOW | 6.4 MEDIUM |
| Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2019-3770 | 1 Dell | 1 Wyse Management Suite | 2020-03-18 | 3.5 LOW | 6.4 MEDIUM |
| Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2019-6699 | 1 Fortinet | 1 Fortiadc | 2020-03-18 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | |||||
| CVE-2009-5159 | 2 Invisioncommunity, Microsoft | 2 Invision Power Board, Internet Explorer | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | |||||
| CVE-2020-10544 | 1 Primetek | 1 Primefaces | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation. | |||||
| CVE-2020-10078 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability. | |||||
| CVE-2020-10076 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. | |||||
| CVE-2019-16156 | 1 Fortinet | 1 Fortiweb | 2020-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). | |||||
| CVE-2018-14476 | 1 Metalgenix | 1 Genixcms | 2020-03-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation. | |||||
| CVE-2020-6643 | 1 Fortinet | 1 Fortiisolator | 2020-03-17 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). | |||||