Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4441 | 1 Jenkins | 1 Jenkins | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin. | |||||
CVE-2019-10070 | 1 Apache | 1 Atlas | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality | |||||
CVE-2019-19040 | 1 Kairosdb Project | 1 Kairosdb | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring. | |||||
CVE-2017-15948 | 1 Edgeofmyseat | 1 Perch | 2019-11-18 | 3.5 LOW | 4.8 MEDIUM |
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account. | |||||
CVE-2013-4106 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22. | |||||
CVE-2019-17330 | 1 Tibco | 1 Ebx | 2019-11-18 | 4.3 MEDIUM | 9.6 CRITICAL |
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6. | |||||
CVE-2013-4275 | 1 Zen Project | 1 Zen | 2019-11-18 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field. | |||||
CVE-2019-17515 | 1 Cleantalk | 1 Spam Protection, Antispam, Firewall | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | |||||
CVE-2019-17550 | 1 Adenion | 1 Blog2social | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | |||||
CVE-2013-3097 | 1 Actiontec | 2 Mi424wr-gen3i, Mi424wr-gen3i Firmware | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. | |||||
CVE-2019-18923 | 1 Go-camo Project | 1 Go-camo | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. | |||||
CVE-2013-4109 | 1 Cryptocat Project | 1 Cryptocat | 2019-11-18 | 4.3 MEDIUM | 6.1 MEDIUM |
An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165. | |||||
CVE-2019-18957 | 1 Microstrategy | 1 Microstrategy Library | 2019-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. | |||||
CVE-2012-5193 | 1 Bitweaver | 1 Bitweaver | 2019-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter. | |||||
CVE-2019-0385 | 1 Sap | 1 Enable Now | 2019-11-15 | 3.5 LOW | 6.5 MEDIUM |
SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2019-0382 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-11-15 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in order to exploit this vulnerability. | |||||
CVE-2013-3517 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2019-11-15 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. | |||||
CVE-2019-16950 | 1 Enghouse | 1 Web Chat | 2019-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript. | |||||
CVE-2019-18873 | 1 Fudforum | 1 Fudforum | 2019-11-15 | 8.5 HIGH | 9.0 CRITICAL |
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php. | |||||
CVE-2016-10704 | 1 Magento | 1 Magento | 2019-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. |