Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16769 | 1 Verizon | 1 Serialize-javascript | 2020-01-17 | 3.5 LOW | 5.4 MEDIUM |
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate unsafe characters in serialized regular expressions. Node.js environments are not affected, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. Serialized regular expression objects used in an environment other than Node.js are affected by this vulnerability. | |||||
CVE-2015-2230 | 1 Synacor | 1 Zimbra Collaboration Server | 2020-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console. | |||||
CVE-2018-18248 | 1 Icinga | 1 Icinga Web 2 | 2020-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string. | |||||
CVE-2018-18247 | 1 Icinga | 1 Icinga Web 2 | 2020-01-16 | 3.5 LOW | 5.4 MEDIUM |
Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. | |||||
CVE-2009-3724 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2020-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. | |||||
CVE-2011-2706 | 1 Snewscms | 1 Snews | 2020-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71. | |||||
CVE-2018-0719 | 1 Qnap | 1 Qts | 2020-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject JavaScript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710. | |||||
CVE-2011-3202 | 1 Jcow | 1 Jcow Cms | 2020-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier. | |||||
CVE-2020-6847 | 1 Opentrade Project | 1 Opentrade | 2020-01-15 | 3.5 LOW | 5.4 MEDIUM |
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. | |||||
CVE-2020-6848 | 1 Axper | 2 Vision Ii, Vision Ii Firmware | 2020-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. | |||||
CVE-2020-6758 | 1 Rasilient | 2 Pixelstor 5000, Pixelstor 5000 Firmware | 2020-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows remote attackers to inject arbitrary web script or HTML via the ContentFrame parameter. | |||||
CVE-2020-6632 | 1 Prestashop | 1 Prestashop | 2020-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js. | |||||
CVE-2020-6163 | 1 Mediawiki | 1 Mediawiki | 2020-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file). | |||||
CVE-2019-18842 | 1 Usriot | 8 Usr-wifi232-g2, Usr-wifi232-g2 Firmware, Usr-wifi232-h and 5 more | 2020-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID. | |||||
CVE-2019-20182 | 1 Fooplugins | 1 Foogallery | 2020-01-14 | 3.5 LOW | 4.8 MEDIUM |
The FooGallery plugin 1.8.12 for WordPress allows XSS via the post_title parameter. | |||||
CVE-2019-20181 | 1 Getawesomesupport | 1 Awesome Support | 2020-01-14 | 3.5 LOW | 4.8 MEDIUM |
The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter. | |||||
CVE-2014-10398 | 1 Bssys | 1 Rbs Bs-client. Retail Client | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value. | |||||
CVE-2014-4196 | 1 Bssys | 1 Rbs Bs-client | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter. | |||||
CVE-2019-5988 | 1 Anglers-net | 1 Cgi An-anlyzer | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released on 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page. | |||||
CVE-2019-16154 | 1 Fortinet | 1 Fortiauthenticator | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. |