Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20448 | 1 Frog Cms Project | 1 Frog Cms | 2019-03-04 | 3.5 LOW | 5.4 MEDIUM |
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. | |||||
CVE-2018-5691 | 1 Sonicwall | 2 Analyzer, Global Management System | 2019-03-04 | 3.5 LOW | 5.4 MEDIUM |
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. | |||||
CVE-2019-9551 | 1 Wdoyo | 1 Doyocms | 2019-03-04 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS. | |||||
CVE-2018-20153 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-04 | 3.5 LOW | 5.4 MEDIUM |
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. | |||||
CVE-2018-20150 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. | |||||
CVE-2018-20149 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-04 | 3.5 LOW | 5.4 MEDIUM |
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. | |||||
CVE-2019-9550 | 1 Dhcms Project | 1 Dhcms | 2019-03-04 | 3.5 LOW | 4.8 MEDIUM |
DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. | |||||
CVE-2019-8279 | 1 Vanillaforums | 1 Vanilla Forums | 2019-03-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple stored XSS vulnerabilities in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on the forum. | |||||
CVE-2016-8751 | 1 Apache | 1 Ranger | 2019-03-01 | 3.5 LOW | 4.8 MEDIUM |
Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store arbitrary JavaScript code to be executed when normal users log in and access policies. | |||||
CVE-2018-7261 | 1 Radiantcms | 1 Radiant Cms | 2019-03-01 | 3.5 LOW | 5.4 MEDIUM |
There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields). | |||||
CVE-2018-8031 | 1 Apache | 1 Tomee | 2019-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Apache TomEE console (tomee-webapp) has an XSS vulnerability which could allow JavaScript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is set up (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolved in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863. | |||||
CVE-2019-9226 | 1 Baigo | 1 Baigo Cms | 2019-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the opt[base][BG_SITE_NAME] parameter to the bg_console/index.php?m=opt&c=request URI. | |||||
CVE-2018-8729 | 1 Activity Log Project | 1 Activity Log | 2019-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. | |||||
CVE-2018-8716 | 1 Wso2 | 1 Identity Server | 2019-02-28 | 3.5 LOW | 5.4 MEDIUM |
WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers. | |||||
CVE-2018-9244 | 1 Gitlab | 1 Gitlab | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | |||||
CVE-2018-9243 | 1 Gitlab | 1 Gitlab | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | |||||
CVE-2018-9163 | 1 Zohocorp | 1 Manageengine Recovery Manager Plus | 2019-02-27 | 3.5 LOW | 5.4 MEDIUM |
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. | |||||
CVE-2019-8410 | 1 Maccms | 1 Maccms | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | |||||
CVE-2019-8939 | 1 Tautulli | 1 Tautulli | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page. | |||||
CVE-2019-6595 | 1 F5 | 1 Big-ip Access Policy Manager | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI. |