Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16798 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-11-21 | 3.5 LOW | 5.4 MEDIUM |
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. | |||||
CVE-2011-4454 | 1 Tiki | 1 Tiki | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. | |||||
CVE-2011-4455 | 1 Tiki | 1 Tiki | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. | |||||
CVE-2019-12311 | 1 Sandline | 1 Centraleyezer | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded. | |||||
CVE-2019-12299 | 1 Sandline | 1 Centraleyezer | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section. | |||||
CVE-2013-0193 | 1 Matomo | 1 Matomo | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195. | |||||
CVE-2013-0195 | 1 Matomo | 1 Matomo | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194. | |||||
CVE-2013-0194 | 1 Matomo | 1 Matomo | 2019-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195. | |||||
CVE-2013-1844 | 1 Matomo | 1 Matomo | 2019-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-4541 | 1 Matomo | 1 Matomo | 2019-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-1453 | 2 Matomo, Piwik | 2 Matomo, Piwik | 2019-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter. | |||||
CVE-2011-0004 | 1 Matomo | 1 Matomo | 2019-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-0577 | 1 Google Map Project | 1 Google Map | 2019-11-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-0585 | 1 Ultimatemember | 1 Ultimate Member | 2019-11-20 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-12637 | 1 Cisco | 1 Identity Services Engine | 2019-11-20 | 3.5 LOW | 5.4 MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
CVE-2019-17057 | 1 Footy | 1 Tipping Software | 2019-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Footy Tipping Software AFL Web Edition 2019 allows XSS. | |||||
CVE-2019-15054 | 1 Getmailbird | 1 Mailbird | 2019-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before 2.7.5.0 r allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is distinct from CVE-2015-4657. | |||||
CVE-2019-17427 | 1 Redmine | 1 Redmine | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. | |||||
CVE-2012-4439 | 1 Jenkins | 1 Jenkins | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. | |||||
CVE-2012-4440 | 1 Jenkins | 1 Jenkins | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. |