Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7545 | 1 Dbninja | 1 Dbninja | 2019-02-08 | 3.5 LOW | 5.4 MEDIUM |
| In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. | |||||
| CVE-2019-7544 | 1 Mywebsql | 1 Mywebsql | 2019-02-07 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. | |||||
| CVE-2018-17193 | 1 Apache | 1 Nifi | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2015-3361 | 1 Linkit Project | 1 Linkit | 2019-02-07 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2019-7567 | 1 Bijiadao | 1 Waimai Super Cms | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. | |||||
| CVE-2018-1000998 | 1 Freebsd | 1 Cvsweb | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x. | |||||
| CVE-2019-7543 | 1 Kindsoft | 1 Kindeditor | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7546 | 1 Topnew | 1 Sidu | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7547 | 1 Topnew | 1 Sidu | 2019-02-07 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS. | |||||
| CVE-2018-20757 | 1 Modx | 1 Modx Revolution | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | |||||
| CVE-2018-20756 | 1 Modx | 1 Modx Revolution | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | |||||
| CVE-2018-20755 | 1 Modx | 1 Modx Revolution | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | |||||
| CVE-2019-1000024 | 1 Opt-net | 1 Ng-netms | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result in Cross-site scripting.This attack appear to be exploitable via network connectivity. | |||||
| CVE-2019-1000004 | 1 Jspmyadmin | 1 Jspmyadmin2 | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross Site Scripting (XSS) vulnerability in sidebar and table data that can result in Database fields aren't properly sanitized and allow code injection (Cross-Site Scripting). This attack appears to be exploitable via the payload needs to be stored in the database and the victim must see the db value in question. | |||||
| CVE-2019-6591 | 1 F5 | 1 Big-ip Access Policy Manager | 2019-02-06 | 3.5 LOW | 5.4 MEDIUM |
| On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. | |||||
| CVE-2019-1000010 | 1 Phpipam | 1 Phpipam | 2019-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in 1.4. | |||||
| CVE-2019-7349 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | |||||
| CVE-2019-7348 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted. | |||||
| CVE-2019-7344 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration. | |||||
| CVE-2019-7345 | 1 Zoneminder | 1 Zoneminder | 2019-02-05 | 3.5 LOW | 4.8 MEDIUM |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php. | |||||