Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18267 | 1 Ge | 4 S2020, S2020 Firmware, S2020g and 1 more | 2020-01-07 | 3.5 LOW | 5.4 MEDIUM |
| An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution. | |||||
| CVE-2015-6253 | 1 Edx | 1 Edx-platform | 2020-01-07 | 3.5 LOW | 5.4 MEDIUM |
| edx-platform before 2015-08-17 allows XSS in the Studio listing of courses. | |||||
| CVE-2014-4535 | 1 Import Legacy Media Project | 1 Import Legacy Media | 2020-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. | |||||
| CVE-2014-4536 | 1 Katz | 1 Infusionsoft Gravity Forms | 2020-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. | |||||
| CVE-2019-18249 | 1 Reliablecontrols | 4 Mach-prowebcom, Mach-prowebcom Firmware, Mach-prowebsys and 1 more | 2020-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firmware versions prior to 8.26.4), may allow attacker to execute commands on behalf of the user when an authenticated user clicks on a malicious link. | |||||
| CVE-2019-19733 | 1 Mfscripts | 1 Yetishare | 2020-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| _get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS. | |||||
| CVE-2019-6011 | 1 Tms-outsource | 1 Wpdatatables Lite | 2020-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-19738 | 1 Mfscripts | 1 Yetishare | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS. | |||||
| CVE-2019-6033 | 1 Appleple | 1 A-blog Cms | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4559 | 1 Cybercompay | 1 Swipehq-payment-gateway-wp-e-commerce | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter. | |||||
| CVE-2018-7859 | 1 Dlink | 16 Dgs-1510-20, Dgs-1510-20 Firmware, Dgs-1510-28 and 13 more | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit. | |||||
| CVE-2019-6016 | 1 Remise | 1 Payment Module | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-9737 | 1 Ipandao | 1 Editor.md | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | |||||
| CVE-2019-9537 | 1 Telos | 1 Automated Message Handling System | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
| CVE-2019-9538 | 1 Telos | 1 Automated Message Handling System | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
| CVE-2019-9539 | 1 Telos | 1 Automated Message Handling System | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
| CVE-2019-9540 | 1 Telos | 1 Automated Message Handling System | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
| CVE-2019-9542 | 1 Telos | 1 Automated Message Handling System | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
| CVE-2019-6031 | 1 Dayz | 1 Kinza | 2020-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader. | |||||
| CVE-2013-4693 | 1 Xorbin | 1 Digital Flash Clock | 2020-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress Xorbin Digital Flash Clock 1.0 has XSS | |||||