Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4691 | 1 Sencha | 1 Connect | 2020-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Sencha Labs Connect has XSS with connect.methodOverride() | |||||
CVE-2013-4664 | 1 Spbas | 1 Business Automation Software | 2020-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
SPBAS Business Automation Software 2012 has XSS. | |||||
CVE-2013-4692 | 1 Xorbin | 1 Analog Flash Clock | 2020-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS | |||||
CVE-2019-20221 | 1 Sitracker | 1 Support Incident Tracker | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page. | |||||
CVE-2019-20223 | 1 Sitracker | 1 Support Incident Tracker | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235. | |||||
CVE-2019-20220 | 1 Sitracker | 1 Support Incident Tracker | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS. | |||||
CVE-2019-20222 | 1 Sitracker | 1 Support Incident Tracker | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS. | |||||
CVE-2014-6420 | 1 Livefyre | 1 Livecomments | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | |||||
CVE-2019-6018 | 1 Netcommons | 1 Netcommons | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-6029 | 1 Custom Body Class Project | 1 Custom Body Class | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-20139 | 1 Nagios | 1 Nagios Xi | 2020-01-03 | 3.5 LOW | 5.4 MEDIUM |
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user. | |||||
CVE-2019-4623 | 1 Ibm | 1 Cognos Analytics | 2020-01-03 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924. | |||||
CVE-2019-9207 | 1 Paessler | 1 Prtg Network Monitor | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued. | |||||
CVE-2019-9206 | 1 Paessler | 1 Prtg Network Monitor | 2020-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued. | |||||
CVE-2019-20075 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). | |||||
CVE-2019-20076 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). | |||||
CVE-2019-20070 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). | |||||
CVE-2019-20072 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). | |||||
CVE-2019-20073 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). | |||||
CVE-2019-19541 | 1 Cridio | 1 Listingpro | 2020-01-02 | 3.5 LOW | 5.4 MEDIUM |
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. |