Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4039 | 1 E-plugins | 1 Wp Membership | 2020-01-13 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2. | |||||
CVE-2014-3743 | 1 Marked Project | 1 Marked | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's. | |||||
CVE-2012-1915 | 1 Codeigniter | 1 Codeigniter | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. | |||||
CVE-2013-1420 | 1 Get-simple | 1 Getsimple Cms | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621. | |||||
CVE-2011-4595 | 1 Caseproof | 1 Pretty Link | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Pretty-Link WordPress plugin 1.5.2 has XSS | |||||
CVE-2014-4530 | 1 Flog Project | 1 Flog | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM |
flog plugin 0.1 for WordPress has XSS | |||||
CVE-2019-17001 | 1 Mozilla | 1 Firefox | 2020-01-13 | 5.8 MEDIUM | 6.1 MEDIUM |
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000. *Note: This flaw only affected Firefox 69 and was not present in earlier versions.* This vulnerability affects Firefox < 70. | |||||
CVE-2019-17000 | 1 Mozilla | 1 Firefox | 2020-01-13 | 5.8 MEDIUM | 6.1 MEDIUM |
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox < 70. | |||||
CVE-2019-18652 | 1 Watchguard | 2 Xmt515, Xmt515 Firmware | 2020-01-12 | 4.3 MEDIUM | 6.1 MEDIUM |
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362). | |||||
CVE-2019-20154 | 1 Determine | 1 Contract Lifecycle Management | 2020-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2019-15602 | 1 Itwork | 1 Fileview | 2020-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves. | |||||
CVE-2013-4752 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2020-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. | |||||
CVE-2017-7320 | 1 Modx | 1 Modx Revolution | 2020-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value. | |||||
CVE-2014-1454 | 1 Pearson | 1 Esis Enterprise Student Information System | 2020-01-10 | 3.5 LOW | 4.8 MEDIUM |
Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input | |||||
CVE-2020-5191 | 1 Phpgurukul | 1 Hospital Management System In Php | 2020-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities. | |||||
CVE-2014-8674 | 1 Soplanning | 1 Soplanning | 2020-01-10 | 3.5 LOW | 5.4 MEDIUM |
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code. | |||||
CVE-2019-5989 | 1 Anglers-net | 1 Cgi An-anlyzer | 2020-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page. | |||||
CVE-2014-0183 | 1 Redhat | 1 Subscription Asset Manager | 2020-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to an XSS via HTML in the systems name when registering. | |||||
CVE-2012-2580 | 1 Postieplugin | 1 Postie | 2020-01-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email. | |||||
CVE-2019-17667 | 1 Comtechtel | 2 H8 Heights Remote Gateway, H8 Heights Remote Gateway Firmware | 2020-01-10 | 3.5 LOW | 5.4 MEDIUM |
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field. |