Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3370 | 1 Status | 1 Statusnet | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| statusnet before 0.9.9 has XSS | |||||
| CVE-2019-17236 | 1 Getigniteup | 1 Igniteup | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | |||||
| CVE-2019-18881 | 1 Wso2 | 1 Identity Server | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | |||||
| CVE-2019-18882 | 1 Wso2 | 1 Identity Server | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | |||||
| CVE-2013-1426 | 1 Mahara | 1 Mahara | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor. | |||||
| CVE-2019-4470 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-11-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779. | |||||
| CVE-2019-4454 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-11-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618. | |||||
| CVE-2019-4450 | 1 Ibm | 1 I | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163492. | |||||
| CVE-2018-12234 | 1 Myadrenalin | 1 Adrenalin | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter. | |||||
| CVE-2018-12650 | 1 Myadrenalin | 1 Human Resource Management Software | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. | |||||
| CVE-2019-4581 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239. | |||||
| CVE-2019-4645 | 1 Ibm | 1 Cognos Analytics | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881. | |||||
| CVE-2019-17222 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2019-11-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). | |||||
| CVE-2019-12386 | 1 Ampache | 1 Ampache | 2019-11-11 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker. | |||||
| CVE-2019-18816 | 1 Popojicms | 1 Popojicms | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. | |||||
| CVE-2017-18639 | 1 Progress | 1 Sitefinity Cms | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages Parameter : Image Title, /Content/links Parameter : Link Title, /Content/links Parameter : Link Title, or /Content/Videos/LibraryVideos/default-video-library Parameter : Video Title. | |||||
| CVE-2018-18674 | 1 Gnuboard | 1 Gnuboard5 | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter. | |||||
| CVE-2017-0931 | 1 Html-janitor Project | 1 Html-janitor | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values. | |||||
| CVE-2018-14512 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered. | |||||
| CVE-2019-8227 | 1 Magento | 1 Magento | 2019-11-08 | 3.5 LOW | 4.8 MEDIUM |
| In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. | |||||