Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15481 | 1 Kimai | 1 Kimai 2 | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Kimai v2 before 1.1 has XSS via a timesheet description. | |||||
CVE-2019-15477 | 1 Jooby | 1 Jooby | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Jooby before 1.6.4 has XSS via the default error handler. | |||||
CVE-2019-15486 | 1 Django Js Reverse Project | 1 Django Js Reserve | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. | |||||
CVE-2019-15480 | 1 Domoticz | 1 Domoticz | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
Domoticz 4.10717 has XSS via item.Name. | |||||
CVE-2014-10385 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. | |||||
CVE-2013-7482 | 1 Reflex Gallery Project | 1 Reflex Gallery | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | |||||
CVE-2018-20982 | 1 Media Library Assistant Project | 1 Media Library Assistant | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. | |||||
CVE-2019-15095 | 1 Diaowen | 1 Dwsurvey | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. | |||||
CVE-2016-6154 | 2 Microsoft, Watchguard | 2 Windows, Fireware | 2019-08-26 | 5.8 MEDIUM | 6.1 MEDIUM |
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | |||||
CVE-2019-15532 | 1 Gchq | 1 Cyberchef | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | |||||
CVE-2017-18575 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues. | |||||
CVE-2017-18572 | 1 Sir | 1 Gnucommerce | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
The gnucommerce plugin before 1.4.2 for WordPress has XSS. | |||||
CVE-2019-15478 | 1 Status Board Project | 1 Status Board | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Status Board 1.1.81 has reflected XSS via logic.ts. | |||||
CVE-2016-10920 | 1 Sir | 1 Gnucommerce | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | |||||
CVE-2016-10919 | 1 Wassup Real Time Analytics Project | 1 Wassup Real Time Analytics | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. | |||||
CVE-2018-20983 | 1 Meowapps | 1 Wp Retina 2x | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | |||||
CVE-2017-18582 | 1 Time Sheets Project | 1 Time Sheets | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues. | |||||
CVE-2019-5594 | 1 Fortinet | 1 Fortinac | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | |||||
CVE-2019-0337 | 1 Sap | 1 Netweaver Process Integration | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the URL, thereby resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2019-0335 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop-up box, resulting in a Stored Cross-Site Scripting attack. | |||||