Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-16521 | 1 Managewp | 1 Broken Link Checker | 2019-10-18 | 4.3 MEDIUM | 6.1 MEDIUM | The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.
CVE-2019-16520 | 1 Semperplugins | 1 All In One Seo Pack | 2019-10-18 | 3.5 LOW | 5.4 MEDIUM | The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
CVE-2019-17607 | 1 Hongcms Project | 1 Hongcms | 2019-10-18 | 4.3 MEDIUM | 6.1 MEDIUM | HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVE-2019-17608 | 1 Hongcms Project | 1 Hongcms | 2019-10-18 | 4.3 MEDIUM | 6.1 MEDIUM | HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVE-2019-17609 | 1 Hongcms Project | 1 Hongcms | 2019-10-18 | 4.3 MEDIUM | 6.1 MEDIUM | HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
CVE-2019-17610 | 1 Hongcms Project | 1 Hongcms | 2019-10-18 | 4.3 MEDIUM | 6.1 MEDIUM | HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
CVE-2019-17611 | 1 Hongcms Project | 1 Hongcms | 2019-10-18 | 4.3 MEDIUM | 6.1 MEDIUM | HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.
CVE-2019-13392 | 1 Mindpalette | 1 Natemail | 2019-10-18 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.
CVE-2019-17660 | 1 Limesurvey | 1 Limesurvey | 2019-10-17 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
CVE-2019-0368 | 1 Sap | 2 Customer Relationship Management Bbpcrm, Customer Relationship Management S4crm | 2019-10-17 | 3.5 LOW | 5.4 MEDIUM | SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client, resulting in a Cross-Site Scripting vulnerability.
CVE-2011-4333 | 1 Scilico | 1 Labwiki | 2019-10-17 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php.
CVE-2019-10756 | 1 Nodered | 1 Node-red-dashboard | 2019-10-17 | 3.5 LOW | 5.4 MEDIUM | It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.
CVE-2015-4707 | 1 Ipython | 1 Ipython | 2019-10-17 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
CVE-2019-17522 | 1 Hotarucms | 1 Hotarucms | 2019-10-17 | 3.5 LOW | 4.8 MEDIUM | A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1.
CVE-2019-17579 | 1 Sonarsource | 1 Sonarqube | 2019-10-17 | 4.3 MEDIUM | 6.1 MEDIUM | SonarSource SonarQube before 7.8 has XSS in project links on account/projects.
CVE-2019-16344 | 1 Scadabr | 1 Scadabr | 2019-10-17 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter.
CVE-2017-14506 | 1 Geminabox Project | 1 Geminabox | 2019-10-17 | 3.5 LOW | 5.4 MEDIUM | geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
CVE-2019-17625 | 1 Rambox | 1 Rambox | 2019-10-16 | 8.5 HIGH | 9.0 CRITICAL | There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element.
CVE-2015-9469 | 1 Cybercraftit | 1 Content-grabber | 2019-10-16 | 3.5 LOW | 4.8 MEDIUM | The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.
CVE-2016-6800 | 1 Apache | 1 Ofbiz | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM | The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles, the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed in the browser of every user who visits this article. Mitigation: Upgrade to Apache OFBiz 16.11.01.