Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3009 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. | |||||
| CVE-2007-3227 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values. | |||||
| CVE-2019-5401 | 1 Hp | 2 Hp2910al-48g, Hp2910al-48g Firmware | 2019-08-08 | 3.5 LOW | 4.8 MEDIUM |
| A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017. | |||||
| CVE-2019-14456 | 1 Opengear | 1 Opengear | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server. | |||||
| CVE-2019-7882 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files. | |||||
| CVE-2019-7934 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript. | |||||
| CVE-2019-7875 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates. | |||||
| CVE-2019-7881 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack). | |||||
| CVE-2018-20951 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | |||||
| CVE-2019-7935 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript. | |||||
| CVE-2018-20950 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). | |||||
| CVE-2018-20949 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | |||||
| CVE-2019-7887 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled. | |||||
| CVE-2019-7938 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript. | |||||
| CVE-2019-7940 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript. | |||||
| CVE-2019-7944 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript. | |||||
| CVE-2019-7945 | 1 Magento | 1 Magento | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript. | |||||
| CVE-2018-20948 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | |||||
| CVE-2018-20933 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410). | |||||
| CVE-2016-10827 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). | |||||