Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13970 | 1 Antsword Project | 1 Antsword | 2019-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js. | |||||
CVE-2019-7955 | 1 Adobe | 1 Experience Manager | 2019-07-19 | 5.8 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager version 6.4 and earlier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user. | |||||
CVE-2019-1010261 | 1 Gitea | 1 Gitea | 2019-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later. | |||||
CVE-2019-1134 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2019-07-19 | 3.5 LOW | 5.4 MEDIUM |
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
CVE-2019-13972 | 1 Layerbb | 1 Layerbb | 2019-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. | |||||
CVE-2019-13948 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element. | |||||
CVE-2019-13950 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment. | |||||
CVE-2016-10763 | 1 Automattic | 1 Camptix Event Ticketing | 2019-07-18 | 3.5 LOW | 4.8 MEDIUM |
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body. | |||||
CVE-2019-10017 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | |||||
CVE-2019-13493 | 1 Sitecore | 1 Experience Platform | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript. | |||||
CVE-2019-13448 | 1 Sertek | 1 Xpare | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients. | |||||
CVE-2019-1076 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | |||||
CVE-2019-1010307 | 1 Glpi-project | 1 Glpi | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing JS on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User creates a ticket, 2- Admin opens another ticket and clicks on the "Link Tickets" feature, 3- a request to the endpoint fetches JS and executes it. | |||||
CVE-2018-9861 | 2 Ckeditor, Drupal | 2 Enhanced Image, Drupal | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element. | |||||
CVE-2019-1010008 | 1 Openenergymonitor | 1 Emoncms | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed malicious code). The component is: JavaScript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible. | |||||
CVE-2019-0281 | 1 Sap | 1 Openui5 | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2019-13346 | 1 Myt Project | 1 Myt | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
In MyT 1.5.1, the User[username] parameter has XSS. | |||||
CVE-2019-13506 | 1 Nuxtjs | 2 @nuxt/devalue, Nuxt.js | 2019-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. | |||||
CVE-2014-1223 | 1 Telligent | 1 Evolution | 2019-07-18 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2014-0362 | 1 Google | 1 Search Appliance Software | 2019-07-18 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element. |