Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20920 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). | |||||
| CVE-2018-20921 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). | |||||
| CVE-2018-20922 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). | |||||
| CVE-2018-20923 | 1 Cpanel | 1 Cpanel | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). | |||||
| CVE-2019-1020005 | 1 Inveniosoftware | 1 Invenio-communities | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| invenio-communities before 1.0.0a20 allows XSS. | |||||
| CVE-2019-13607 | 1 Opera | 1 Mini | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL. | |||||
| CVE-2019-1020003 | 1 Inveniosoftware | 1 Invenio-records | 2019-08-01 | 3.5 LOW | 5.4 MEDIUM |
| invenio-records before 1.2.2 allows XSS. | |||||
| CVE-2018-14037 | 1 Progress | 1 Kendo Ui | 2019-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions. | |||||
| CVE-2008-1976 | 2 Internationalization Project, Localizer Project | 2 Internationalization, Localizer | 2019-08-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-1020019 | 1 Inveniosoftware | 1 Invenio-previewer | 2019-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| invenio-previewer before 1.0.0a12 allows XSS. | |||||
| CVE-2019-1020008 | 1 Stacktable.js Project | 1 Stacktable.js | 2019-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| stacktable.js before 1.0.4 allows XSS. | |||||
| CVE-2019-14286 | 1 Misp | 1 Misp | 2019-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability. | |||||
| CVE-2019-10263 | 1 Ahsay | 1 Cloud Backup Suite | 2019-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account. | |||||
| CVE-2018-20866 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). | |||||
| CVE-2018-20868 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). | |||||
| CVE-2018-19311 | 1 Centreon | 1 Centreon | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | |||||
| CVE-2018-19280 | 1 Centreon | 1 Centreon | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. | |||||
| CVE-2015-7672 | 1 Centreon | 1 Centreon | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). | |||||
| CVE-2019-14406 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | |||||
| CVE-2018-20865 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | |||||