Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16625 | 1 Typesettercms | 1 Typesetter | 2019-05-13 | 3.5 LOW | 4.8 MEDIUM |
| index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | |||||
| CVE-2018-16639 | 1 Typesettercms | 1 Typesetter | 2019-05-13 | 3.5 LOW | 5.4 MEDIUM |
| Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. | |||||
| CVE-2019-7413 | 1 Parallax Scroll Project | 1 Parallax Scroll | 2019-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within the PHP filename.) | |||||
| CVE-2018-16210 | 1 Wago | 2 Wago 750-881 Ethernet Controller Devices, Wago 750-881 Ethernet Controller Devices Firmware | 2019-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. | |||||
| CVE-2018-20484 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2019-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. | |||||
| CVE-2018-20485 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2019-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. | |||||
| CVE-2017-12885 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2019-11870 | 1 S9y | 1 Serendipity | 2019-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. | |||||
| CVE-2018-20837 | 1 Typesettercms | 1 Typesetter | 2019-05-10 | 3.5 LOW | 4.8 MEDIUM |
| include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS. | |||||
| CVE-2017-12788 | 1 Metinfo | 1 Metinfo | 2019-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter. | |||||
| CVE-2019-11406 | 1 Intelliants | 1 Subrion Cms | 2019-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. | |||||
| CVE-2017-1000392 | 1 Jenkins | 1 Jenkins | 2019-05-08 | 3.5 LOW | 4.8 MEDIUM |
| Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters. | |||||
| CVE-2018-1000170 | 1 Jenkins | 1 Jenkins | 2019-05-08 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
| CVE-2018-1000407 | 1 Jenkins | 1 Jenkins | 2019-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins. | |||||
| CVE-2019-11643 | 1 Oneshield | 1 Oneshield Policy | 2019-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data store. This can be exploited remotely by both authenticated and unauthenticated users. | |||||
| CVE-2019-8349 | 1 Htmly | 1 Htmly | 2019-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature. | |||||
| CVE-2019-11564 | 1 Humhub | 1 Humhub | 2019-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request. | |||||
| CVE-2019-11818 | 1 Alkacon | 1 Opencms | 2019-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded. | |||||
| CVE-2019-7687 | 1 Jio | 2 Jmr1140, Jmr1140 Firmware | 2019-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data. | |||||
| CVE-2019-11814 | 1 Misp | 1 Misp | 2019-05-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot. | |||||