Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4451 | 3 Fedoraproject, Redhat, Zend | 3 Fedora, Enterprise Linux, Zend Framework | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. | |||||
CVE-2019-19916 | 2 Microsoft, Midori-browser | 2 Windows 10, Midori | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting (XSS) and other attacks when the product renders the content as HTML. Remediating this would also need to consider the polyglot case, e.g., a file that is a valid GIF image and also valid JavaScript. | |||||
CVE-2020-5308 | 1 Phpgurukul Dairy Farm Shop Management System Project | 1 Phpgurukul Dairy Farm Shop Management System | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. | |||||
CVE-2012-5558 | 2 Smiley Project, Smileys Project | 2 Smiley, Smileys | 2020-01-14 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym. | |||||
CVE-2012-1261 | 1 Plixer | 1 Scrutinizer Netflow & Sflow Analyzer | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter. | |||||
CVE-2019-20376 | 1 Psi | 1 Electronic Logbook | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c. | |||||
CVE-2019-20375 | 1 Psi | 1 Electronic Logbook | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c. | |||||
CVE-2019-20210 | 1 Cththemes | 3 Citybook, Easybook, Townhub | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query. | |||||
CVE-2019-20211 | 1 Cththemes | 3 Citybook, Easybook, Townhub | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website. | |||||
CVE-2019-20209 | 1 Cththemes | 3 Citybook, Easybook, Townhub | 2020-01-14 | 6.4 MEDIUM | 7.5 HIGH |
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. | |||||
CVE-2019-20212 | 1 Cththemes | 3 Citybook, Easybook, Townhub | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form. | |||||
CVE-2011-2670 | 1 Mozilla | 1 Firefox | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets. | |||||
CVE-2011-5018 | 1 Koala-framework | 1 Koala Framework | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Koala Framework before 2011-11-21 has XSS via the request_uri parameter. | |||||
CVE-2019-20377 | 1 Tophub | 1 Toplist | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
TopList before 2019-09-03 allows XSS via a title. | |||||
CVE-2014-4561 | 1 Ultimate-weather Project | 1 Ultimate-weather | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
The ultimate-weather plugin 1.0 for WordPress has XSS. | |||||
CVE-2019-17022 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML and assigns it to another innerHTML, this results in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior; more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | |||||
CVE-2019-17016 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | |||||
CVE-2019-20379 | 1 Ganglia | 1 Ganglia-web | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter. | |||||
CVE-2019-20378 | 1 Ganglia | 1 Ganglia-web | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter. | |||||
CVE-2014-9405 | 1 Free | 1 Freebox Os | 2020-01-13 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in the description field of a Download RSS item or of Contacts in the Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary script in the browser of a user viewing the interface. |