Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9470 | 1 Fork-cms | 1 Fork Cms | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. | |||||
| CVE-2012-2517 | 1 Prestashop | 1 Prestashop | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. | |||||
| CVE-2012-2452 | 1 Pragmamx | 1 Pragmamx | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php. | |||||
| CVE-2012-4029 | 1 Chamilo | 1 Chamilo | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action. | |||||
| CVE-2014-3826 | 1 Mybb | 1 Mybb | 2020-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile_fields module. | |||||
| CVE-2015-1394 | 1 10web | 1 Photo Gallery | 2020-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-2207 | 1 Netcracker | 1 Resource Management System | 2020-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter. | |||||
| CVE-2020-8822 | 1 Digi | 4 Transport Wr21, Transport Wr21 Firmware, Transport Wr44 and 1 more | 2020-02-11 | 3.5 LOW | 4.8 MEDIUM |
| Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. | |||||
| CVE-2020-8788 | 1 Synaptivemedical | 1 Clearcanvas | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report. | |||||
| CVE-2014-6413 | 1 Watchguard | 1 Fireware Xtm | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | |||||
| CVE-2012-6666 | 1 Vbseo | 1 Vbseo | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. | |||||
| CVE-2013-1353 | 1 Orangehrm | 1 Orangehrm | 2020-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Orange HRM 2.7.1 allows XSS via the vacancy name. | |||||
| CVE-2019-19661 | 1 Maxum | 1 Rumpus Ftp | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. | |||||
| CVE-2020-8115 | 1 Revive-adserver | 1 Revive Adserver | 2020-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim. | |||||
| CVE-2019-1578 | 1 Paloaltonetworks | 1 Minemeld | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. | |||||
| CVE-2019-16925 | 1 Flower Project | 1 Flower | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access. | |||||
| CVE-2019-16926 | 1 Flower Project | 1 Flower | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access. | |||||
| CVE-2019-0316 | 1 Sap | 1 Netweaver Process Integration | 2020-02-10 | 3.5 LOW | 4.8 MEDIUM |
| SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability. | |||||
| CVE-2018-7827 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2020-02-10 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session. | |||||
| CVE-2016-5819 | 1 Moxa | 10 Oncell G3100v2, Oncell G3100v2 Firmware, Oncell G3111 and 7 more | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server. | |||||