Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9758 | 1 Labkey | 1 Labkey Server | 2019-11-01 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation. | |||||
CVE-2010-4245 | 1 Translatehouse | 1 Pootle | 2019-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Pootle 2.0.5 has XSS via the 'match_names' parameter. | |||||
CVE-2011-0428 | 1 Ikiwiki | 1 Ikiwiki | 2019-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments. | |||||
CVE-2009-4900 | 1 Pixelpost | 1 Pixelpost | 2019-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Pixelpost 1.7.1 has XSS. | |||||
CVE-2019-12417 | 1 Apache | 1 Airflow | 2019-11-01 | 3.5 LOW | 4.8 MEDIUM |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. | |||||
CVE-2019-18656 | 1 Pimcore | 1 Pimcore | 2019-11-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. | |||||
CVE-2017-1000043 | 1 Mapbox | 1 Mapbox.js | 2019-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control | |||||
CVE-2019-17120 | 1 Wikidsystems | 1 2fa Enterprise Server | 2019-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited. | |||||
CVE-2010-1673 | 1 Ikiwiki | 1 Ikiwiki | 2019-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment. | |||||
CVE-2019-18419 | 1 Clonos | 1 Clonos | 2019-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
CVE-2018-10727 | 1 Fabrikar | 1 Fabrik | 2019-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. | |||||
CVE-2018-1000855 | 1 Basecamp | 1 Easymon | 2019-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in the endpoint where monitoring is mounted that can result in reflected XSS that affects Firefox. It can be used to steal cookies, depending on the cookie settings. This attack appears to be exploitable when the victim clicks on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later. | |||||
CVE-2019-14928 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2019-10-30 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site scripting (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page. | |||||
CVE-2018-11093 | 1 Ckeditor | 1 Ckeditor 5-link | 2019-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element. | |||||
CVE-2019-7425 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. | |||||
CVE-2019-4409 | 1 Hcltech | 1 Traveler | 2019-10-30 | 3.5 LOW | 5.4 MEDIUM |
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entered file name. If the file name is not escaped in the returned error page, it could expose a cross-site scripting (XSS) vulnerability. | |||||
CVE-2010-4240 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2019-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Tiki Wiki CMS Groupware 5.2 has XSS. | |||||
CVE-2019-9763 | 1 Openfind | 1 Mail2000 | 2019-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this). | |||||
CVE-2017-1321 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2019-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. | |||||
CVE-2019-18221 | 1 Corehr | 1 Core Portal | 2019-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
CoreHR Core Portal before 27.0.7 allows stored XSS. |