Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-10118 | 1 Snipeitapp | 1 Snipe-it | 2019-03-27 | 4.3 MEDIUM | 6.1 MEDIUM | Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.
CVE-2016-10744 | 1 Select2 | 1 Select2 | 2019-03-27 | 4.3 MEDIUM | 6.1 MEDIUM | In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
CVE-2018-18845 | 1 Advanced Comment System Project | 1 Advanced Comment System | 2019-03-27 | 4.3 MEDIUM | 6.1 MEDIUM | internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued.
CVE-2019-1571 | 1 Paloaltonetworks | 1 Expedition | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.
CVE-2019-1570 | 1 Paloaltonetworks | 1 Expedition | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings.
CVE-2019-10105 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM | CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager.
CVE-2019-10107 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM | CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section.
CVE-2019-10106 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-03-27 | 3.5 LOW | 5.4 MEDIUM | CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section.
CVE-2019-1569 | 1 Paloaltonetworks | 1 Expedition | 2019-03-27 | 3.5 LOW | 4.8 MEDIUM | The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.
CVE-2019-10010 | 1 Thephpleague | 1 Commonmark | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.
CVE-2018-7205 | 1 Kentico | 1 Kentico Cms | 2019-03-26 | 3.5 LOW | 4.8 MEDIUM | ** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout.
CVE-2018-14575 | 1 Mybb | 1 Trash Bin | 2019-03-26 | 6.8 MEDIUM | 8.8 HIGH | Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
CVE-2018-13104 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM | OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)
CVE-2018-12652 | 1 Myadrenalin | 1 Adrenalin | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter.
CVE-2019-10027 | 1 Phpcms | 1 Phpcms | 2019-03-26 | 3.5 LOW | 4.8 MEDIUM | PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen.
CVE-2019-10016 | 1 Gforge | 1 Advanced Server | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM | GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.
CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.
CVE-2019-7299 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM | A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.
CVE-2018-20640 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.
CVE-2018-14724 | 1 Mybb | 1 Ban List | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM | In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.