Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0544 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2019-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
phpBB 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | |||||
CVE-2019-17523 | 1 Technicolor | 2 Tc7300.b0, Tc7300.b0 Firmware | 2019-11-15 | 3.5 LOW | 5.4 MEDIUM |
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. | |||||
CVE-2019-17524 | 1 Technicolor | 2 Tc7300.b0, Tc7300.b0 Firmware | 2019-11-15 | 3.5 LOW | 5.4 MEDIUM |
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this. | |||||
CVE-2019-18839 | 1 Fudforum | 1 Fudforum | 2019-11-15 | 8.5 HIGH | 9.0 CRITICAL |
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | |||||
CVE-2019-17331 | 1 Tibco | 1 Ebx Add-ons | 2019-11-14 | 3.5 LOW | 5.4 MEDIUM |
The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0. | |||||
CVE-2019-17332 | 1 Tibco | 1 Ebx Add-ons | 2019-11-14 | 4.3 MEDIUM | 5.4 MEDIUM |
The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2. | |||||
CVE-2019-18793 | 1 Parallels | 1 Parallels Plesk Panel | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | |||||
CVE-2019-18649 | 1 Untangle | 1 Ng Firewall | 2019-11-14 | 3.5 LOW | 4.8 MEDIUM |
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | |||||
CVE-2019-18648 | 1 Untangle | 1 Ng Firewall | 2019-11-14 | 3.5 LOW | 4.8 MEDIUM |
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | |||||
CVE-2019-18883 | 1 Lavalite | 1 Lavalite | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | |||||
CVE-2019-18926 | 1 Systematicinc | 1 Iris Standards Management | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application. | |||||
CVE-2010-3857 | 1 Redhat | 1 Jboss Business Rules Management System | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter. | |||||
CVE-2012-4384 | 2 Debian, Trilexnet | 2 Debian Linux, Letodms | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
letodms has multiple XSS issues: reflected XSS in the login page, stored XSS in the Document Owner/User name, and stored XSS in the Calendar. | |||||
CVE-2019-17430 | 1 Eyoucms | 1 Eyoucms | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | |||||
CVE-2014-3592 | 1 Redhat | 1 Openshift Origin | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
OpenShift Origin: Improperly validated team names could allow stored XSS attacks. | |||||
CVE-2016-10006 | 1 Antisamy Project | 1 Antisamy | 2019-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS. | |||||
CVE-2011-2935 | 1 Elgg | 1 Elgg | 2019-11-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Elgg through 1.7.10 has XSS. | |||||
CVE-2010-2472 | 1 Drupal | 1 Drupal | 2019-11-13 | 3.5 LOW | 4.8 MEDIUM |
The Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly sanitize the display of language codes and of native and English language names, which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. | |||||
CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2019-11-13 | 4.3 MEDIUM | 6.1 MEDIUM |
JSP Dump and Session Dump Servlet XSS in Jetty before 6.1.22. | |||||
CVE-2009-2802 | 1 Mantisbt | 1 Mantisbt | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks. |