Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20824 | 1 Atlassian | 1 Jira | 2019-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter. | |||||
CVE-2017-11163 | 1 Cacti | 1 Cacti | 2019-05-03 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. | |||||
CVE-2018-16960 | 1 Buffalo | 1 Open Xdmod | 2019-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter. | |||||
CVE-2017-1380 | 1 Ibm | 1 Websphere Application Server | 2019-05-03 | 3.5 LOW | 5.4 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151. | |||||
CVE-2018-16718 | 1 Nih | 1 Ncbi Toolbox | 2019-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument. | |||||
CVE-2017-12971 | 1 Apache2triad | 1 Apache2triad | 2019-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. | |||||
CVE-2017-11503 | 1 Phpmailer Project | 1 Phpmailer | 2019-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. | |||||
CVE-2019-11676 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2019-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks. | |||||
CVE-2018-10383 | 1 Lantronix | 2 Securelinx Spider, Securelinx Spider Firmware | 2019-05-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page. | |||||
CVE-2018-14875 | 1 Polarisft | 1 Intellect Core Banking | 2019-05-03 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter. | |||||
CVE-2018-1356 | 1 Fortinet | 1 Fortisandbox | 2019-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component. | |||||
CVE-2015-7711 | 1 Atutor | 1 Atutor | 2019-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. | |||||
CVE-2019-10893 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-05-02 | 3.5 LOW | 4.8 MEDIUM |
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings" > "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute. | |||||
CVE-2015-7668 | 1 Easy2map | 1 Easy2map | 2019-05-02 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter. | |||||
CVE-2016-8748 | 1 Apache | 1 Nifi | 2019-05-01 | 3.5 LOW | 5.4 MEDIUM |
In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM. | |||||
CVE-2015-9286 | 1 Nodebb | 1 Nodebb | 2019-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | |||||
CVE-2019-11533 | 1 Projectsend | 1 Projectsend | 2019-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2015-9285 | 1 Esotalk | 1 Esotalk | 2019-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. | |||||
CVE-2019-9955 | 1 Zyxel | 42 Atp200, Atp200 Firmware, Atp500 and 39 more | 2019-04-30 | 4.3 MEDIUM | 6.1 MEDIUM |
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. | |||||
CVE-2006-0032 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2019-04-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. | |||||