Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7344 | 1 Hikashop | 1 Hikashop | 2020-03-09 | 3.5 LOW | 4.8 MEDIUM |
| HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption]. | |||||
| CVE-2019-19772 | 1 Lexmark | 160 6500e, 6500e Firmware, C734 and 157 more | 2020-03-09 | 3.5 LOW | 5.4 MEDIUM |
| Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. | |||||
| CVE-2019-19773 | 1 Lexmark | 160 6500e, 6500e Firmware, C734 and 157 more | 2020-03-09 | 3.5 LOW | 5.4 MEDIUM |
| Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. | |||||
| CVE-2020-9008 | 1 Blackboard | 1 Blackboard Learn | 2020-03-09 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. | |||||
| CVE-2020-4082 | 1 Hcltech | 1 Connections | 2020-03-06 | 3.5 LOW | 5.4 MEDIUM |
| The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2018-20101 | 1 Codection | 1 Import Users From Csv With Meta | 2020-03-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell. | |||||
| CVE-2020-3192 | 1 Cisco | 1 Prime Collaboration Provisioning | 2020-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2020-3185 | 1 Cisco | 1 Telepresence Management Suite | 2020-03-05 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information. | |||||
| CVE-2020-10099 | 1 Zammad | 1 Zammad | 2020-03-05 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens the ticket or has the ticket within the Toolbar. | |||||
| CVE-2020-10098 | 1 Zammad | 1 Zammad | 2020-03-05 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email. | |||||
| CVE-2020-10107 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2020-03-05 | 3.5 LOW | 5.4 MEDIUM |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php. | |||||
| CVE-2020-10103 | 1 Zammad | 1 Zammad | 2020-03-05 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially crafted link to the uploaded file with an active Zammad session. | |||||
| CVE-2020-3157 | 1 Cisco | 1 Identity Services Engine | 2020-03-05 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by crafting a malicious configuration and saving it to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information when an administrator views the configuration. An attacker would need write permissions to exploit this vulnerability successfully. | |||||
| CVE-2019-19222 | 1 D-link | 2 Dsl-2680, Dsl-2680 Firmware | 2020-03-04 | 3.5 LOW | 5.4 MEDIUM |
| A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request. | |||||
| CVE-2019-19223 | 1 D-link | 2 Dsl-2680, Dsl-2680 Firmware | 2020-03-04 | 7.8 HIGH | 7.5 HIGH |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. | |||||
| CVE-2018-0602 | 1 Email Subscribers \& Newsletters Project | 1 Email Subscribers \& Newsletters | 2020-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-19371 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2020-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2019-20486 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2020-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language. | |||||
| CVE-2019-19370 | 1 Mitel | 1 Micollab | 2020-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2018-15820 | 1 Easyio | 2 Easyio 30p, Easyio 30p Firmware | 2020-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter. | |||||