Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17167 | 1 Printeron | 1 Printeron | 2019-03-26 | 3.5 LOW | 5.4 MEDIUM |
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration. | |||||
CVE-2019-9650 | 1 Upcoming Events Project | 1 Upcoming Events | 2019-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event. | |||||
CVE-2019-7223 | 1 Invoiceplane | 1 Invoiceplane | 2019-03-25 | 3.5 LOW | 5.4 MEDIUM |
InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255. | |||||
CVE-2018-10091 | 1 Audiocodes | 2 420hd Ip Phone, 420hd Ip Phone Firmware | 2019-03-25 | 3.5 LOW | 4.8 MEDIUM |
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS. | |||||
CVE-2019-3480 | 1 Hp | 1 Arcsight Logger | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. | |||||
CVE-2019-8938 | 1 Vertrigoserv Project | 1 Vertrigoserv | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. | |||||
CVE-2019-9093 | 1 Humhub | 1 Humhub | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS. | |||||
CVE-2019-9094 | 1 Humhub | 1 Humhub | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS. | |||||
CVE-2018-20165 | 1 Opentext | 1 Opentext Portal | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. | |||||
CVE-2018-19934 | 1 Solarwinds | 1 Serv-u Ftp Server | 2019-03-25 | 3.5 LOW | 4.8 MEDIUM |
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. | |||||
CVE-2018-20639 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. | |||||
CVE-2017-2475 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site. | |||||
CVE-2019-9914 | 1 Yop-poll | 1 Yop-poll | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. | |||||
CVE-2019-9911 | 1 Nextscripts | 1 Social Networks Auto-poster | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. | |||||
CVE-2019-9910 | 1 King-theme | 1 Kingcomposer | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. | |||||
CVE-2017-7038 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | |||||
CVE-2019-9908 | 1 Hivewebstudios | 1 Font Organizer | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. | |||||
CVE-2019-7421 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. | |||||
CVE-2019-7417 | 1 Ericsson | 1 Active Library Explorer | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. | |||||
CVE-2019-7419 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. | |||||