Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9765 | 1 Blog Mini Project | 1 Blog Mini | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html. | |||||
CVE-2017-6099 | 1 Paypal | 1 Merchant-sdk-php | 2019-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. | |||||
CVE-2017-6102 | 1 Rockhoist Badges Project | 1 Rockhoist Badges Plugin | 2019-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Persistent XSS in WordPress plugin rockhoist-badges v1.2.2. | |||||
CVE-2015-1435 | 1 Mylittleforum | 1 My Little Forum | 2019-03-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php. | |||||
CVE-2015-4591 | 1 Eclinicalworks | 1 Population Health | 2019-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
eClinicalWorks Population Health (CCMR) suffers from a cross-site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary JavaScript via the strMessage parameter. | |||||
CVE-2015-1436 | 1 Easing Slider Project | 1 Easing Slider | 2019-03-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php. | |||||
CVE-2017-14522 | 1 Wondercms | 1 Wondercms | 2019-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
** DISPUTED ** In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website. | |||||
CVE-2019-9558 | 1 Mailtraq | 1 Webmail | 2019-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | |||||
CVE-2019-9725 | 1 Korenix | 5 Jetport 5601, Jetport 5601 Firmware, Jetport 5601f and 2 more | 2019-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting. | |||||
CVE-2019-0269 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-03-13 | 3.5 LOW | 5.4 MEDIUM |
SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2019-5925 | 1 Dradisframework | 1 Dradis | 2019-03-13 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-9557 | 1 Codecrafters | 1 Ability Mail Server | 2019-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the e-mail body. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe. | |||||
CVE-2019-9736 | 1 1024tools | 1 1024tools | 2019-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | |||||
CVE-2019-9738 | 1 Golangtc | 1 Gopher | 2019-03-13 | 4.3 MEDIUM | 6.1 MEDIUM |
jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | |||||
CVE-2011-1743 | 1 Emc | 1 Captiva Einput | 2019-03-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-6003 | 1 Dotcms | 1 Dotcms | 2019-03-12 | 4.3 MEDIUM | 6.1 MEDIUM |
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields. | |||||
CVE-2015-6518 | 1 Phpliteadmin | 1 Phpliteadmin | 2019-03-12 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php. | |||||
CVE-2017-5962 | 1 Netresearch | 1 Contexts Wurfl | 2019-03-12 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "force_ua" HTTP GET parameter passed to the "/contexts_wurfl/Library/wurfl-dbapi-1.4.4.0/check_wurfl.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
CVE-2008-2450 | 1 Inmedias | 1 Statistics | 2019-03-12 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-2452 | 1 Inmedias | 1 Questionaire | 2019-03-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsurvey) extension 1.2.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |