Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10767 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). | |||||
| CVE-2016-10774 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). | |||||
| CVE-2016-10779 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179). | |||||
| CVE-2016-10806 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110). | |||||
| CVE-2019-7897 | 1 Magento | 1 Magento | 2019-08-08 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript. | |||||
| CVE-2019-7909 | 1 Magento | 1 Magento | 2019-08-08 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to email templates. | |||||
| CVE-2017-18456 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | |||||
| CVE-2018-20953 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). | |||||
| CVE-2016-10776 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174). | |||||
| CVE-2016-10777 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177). | |||||
| CVE-2016-10780 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). | |||||
| CVE-2016-10778 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178). | |||||
| CVE-2016-10781 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). | |||||
| CVE-2016-10782 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181). | |||||
| CVE-2016-10784 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184). | |||||
| CVE-2016-10783 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182). | |||||
| CVE-2018-20928 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). | |||||
| CVE-2018-20899 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | |||||
| CVE-2016-6316 | 2 Debian, Rubyonrails | 3 Debian Linux, Rails, Ruby On Rails | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers. | |||||
| CVE-2015-3226 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding. | |||||