Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5216 | 1 Ipsilon-project | 1 Ipsilon | 2020-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response. | |||||
| CVE-2013-4395 | 1 Simplemachines | 1 Simple Machines Forum | 2020-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Simple Machines Forum (SMF) through 2.0.5 has XSS | |||||
| CVE-2017-5241 | 1 Biscom | 1 Secure File Transfer | 2020-02-20 | 3.5 LOW | 5.4 MEDIUM |
| Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025. | |||||
| CVE-2017-5247 | 1 Biscom | 1 Secure File Transfer | 2020-02-20 | 3.5 LOW | 5.4 MEDIUM |
| Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name. All versions of SFT prior to 5.1.1028 are affected. The fix version is 5.1.1028. | |||||
| CVE-2019-18791 | 1 Lexmark | 160 6500e, 6500e Firmware, C734 and 157 more | 2020-02-20 | 3.5 LOW | 5.4 MEDIUM |
| Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser. | |||||
| CVE-2020-7050 | 1 Codologic | 1 Codoforum | 2020-02-20 | 3.5 LOW | 5.4 MEDIUM |
| Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. | |||||
| CVE-2019-19325 | 1 Silverstripe | 1 Silverstripe | 2020-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. | |||||
| CVE-2020-6850 | 1 Miniorange | 1 Saml Sp Single Sign On | 2020-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. | |||||
| CVE-2018-16362 | 1 Mantisbt | 1 Source Integration | 2020-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php. | |||||
| CVE-2014-9615 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. | |||||
| CVE-2014-9607 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2014-9606 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/. | |||||
| CVE-2014-9608 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2020-8612 | 2 Progess, Progress | 2 Moveit Transfer, Moveit Transfer | 2020-02-20 | 6.0 MEDIUM | 9.0 CRITICAL |
| In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS. | |||||
| CVE-2012-1932 | 1 Wolfcms | 1 Wolf Cms | 2020-02-20 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. | |||||
| CVE-2020-8981 | 1 Mantisbt | 1 Source Integration | 2020-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.6.2 and 2.x before 2.3.1 for MantisBT. The repo_delete.php Delete Repository page allows execution of arbitrary code via a repo name (if CSP settings permit it). This is related to CVE-2018-16362. | |||||
| CVE-2020-6184 | 1 Sap | 2 Netweaver, S\/4hana | 2020-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2020-6185 | 1 Sap | 2 Netweaver, S\/4hana | 2020-02-19 | 3.5 LOW | 5.4 MEDIUM |
| Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. | |||||
| CVE-2014-3919 | 1 Netgear | 2 Cg3100, Cg3100 Firmware | 2020-02-19 | 4.3 MEDIUM | 9.3 CRITICAL |
| A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | |||||
| CVE-2020-6193 | 1 Sap | 1 Netweaver Knowledge Management | 2020-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability. | |||||