Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7666 | 1 Codepeople | 1 Payment Form For Paypal Pro | 2019-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter. | |||||
CVE-2019-3591 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2019-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows an unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI. | |||||
CVE-2019-1010113 | 1 Premiumsoftware | 1 Cleditor | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary HTML and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element. | |||||
CVE-2019-1010199 | 1 Servicestack | 1 Servicestack | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScript is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and if browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0. | |||||
CVE-2018-18675 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter. | |||||
CVE-2018-18670 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter. | |||||
CVE-2018-18669 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter. | |||||
CVE-2018-18673 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter. | |||||
CVE-2018-18672 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter. | |||||
CVE-2018-18671 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter. | |||||
CVE-2018-18676 | 1 Gnuboard | 1 Gnuboard5 | 2019-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter. | |||||
CVE-2019-3414 | 1 Zte | 2 Otcp, Otcp Firmware | 2019-07-25 | 2.3 LOW | 4.8 MEDIUM |
All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front end does not process the returned result from the interface properly, the malicious script may be executed and the user cookie or other important information may be stolen. | |||||
CVE-2018-0511 | 1 Meowapps | 1 Wp Retina 2x | 2019-07-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-13029 | 1 Vanderbilt | 1 Redcap | 2019-07-24 | 3.5 LOW | 4.8 MEDIUM |
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser. | |||||
CVE-2018-17024 | 1 Monstra | 1 Monstra | 2019-07-23 | 3.5 LOW | 4.8 MEDIUM |
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action. | |||||
CVE-2019-12927 | 1 Mailenable | 1 Mailenable | 2019-07-23 | 4.3 MEDIUM | 6.1 MEDIUM |
MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability. | |||||
CVE-2019-13643 | 1 Espocrm | 1 Espocrm | 2019-07-23 | 4.3 MEDIUM | 6.1 MEDIUM |
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page. | |||||
CVE-2019-1010235 | 1 Frog Cms Project | 1 Frog Cms | 2019-07-23 | 3.5 LOW | 5.4 MEDIUM |
Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets. | |||||
CVE-2019-1010287 | 1 Timesheet Next Gen Project | 1 Timesheet Next Gen | 2019-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious URL. | |||||
CVE-2019-13971 | 1 Otcms | 1 Otcms | 2019-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. |