Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17421 | 1 Zrlog | 1 Zrlog | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. | |||||
| CVE-2018-17426 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-03-08 | 3.5 LOW | 5.4 MEDIUM |
| WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. | |||||
| CVE-2019-7660 | 1 Phpmywind | 1 Phpmywind | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php. | |||||
| CVE-2019-7661 | 1 Phpmywind | 1 Phpmywind | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0742 | 1 Microsoft | 1 Team Foundation Server | 2019-03-08 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0743. | |||||
| CVE-2018-12090 | 1 Lamsfoundation | 1 Lams | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change. | |||||
| CVE-2019-0743 | 1 Microsoft | 1 Team Foundation Server | 2019-03-08 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0742. | |||||
| CVE-2018-12040 | 1 Sensiolabs | 1 Symfony | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)." | |||||
| CVE-2018-16808 | 1 Dolibarr | 1 Dolibarr | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. | |||||
| CVE-2019-8440 | 1 Dilicms | 1 Dilicms | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. | |||||
| CVE-2019-8438 | 1 Dilicms | 1 Dilicms | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. | |||||
| CVE-2019-8439 | 1 Dilicms | 1 Dilicms | 2019-03-07 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. | |||||
| CVE-2017-15515 | 1 Netapp | 1 Snapcenter Server | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. | |||||
| CVE-2019-9567 | 1 Wpmudev | 1 Forminator Contact Form\, Poll \& Quiz Builder | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | |||||
| CVE-2018-1000129 | 1 Jolokia | 1 Jolokia | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser. | |||||
| CVE-2016-6857 | 1 Sap | 1 Hybris | 2019-03-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field. | |||||
| CVE-2019-8278 | 1 Invisioncommunity | 1 Invision Power Board | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. | |||||
| CVE-2018-10059 | 1 Cacti | 1 Cacti | 2019-03-07 | 3.5 LOW | 5.4 MEDIUM |
| Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. | |||||
| CVE-2018-10752 | 1 Tagregator Project | 1 Tagregator | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action. | |||||
| CVE-2018-10118 | 1 Monstra | 1 Monstra | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. | |||||