Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7325 | 1 Zoneminder | 1 Zoneminder | 2019-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. | |||||
| CVE-2018-1000841 | 1 Zend | 1 Zendto | 2019-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta. | |||||
| CVE-2018-19922 | 1 Actiontec | 2 C1000a, C1000a Firmware | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request. | |||||
| CVE-2018-19041 | 1 Media File Manager Project | 1 Media File Manager | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. | |||||
| CVE-2018-18940 | 1 Netscape | 1 Enterprise Server | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. | |||||
| CVE-2019-7295 | 1 Typora | 1 Typora | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. | |||||
| CVE-2019-7296 | 1 Typora | 1 Typora | 2019-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. | |||||
| CVE-2019-7250 | 1 Cross Reference Project | 1 Cross Reference | 2019-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin. | |||||
| CVE-2018-12611 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite 7.8.4 and earlier allows Directory Traversal. | |||||
| CVE-2018-19782 | 1 Freshrss | 1 Freshrss | 2019-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. | |||||
| CVE-2014-9716 | 1 Kogmbh | 1 Webodf | 2019-01-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name. | |||||
| CVE-2018-1000415 | 1 Rebuild Project | 1 Rebuild | 2019-01-30 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms. | |||||
| CVE-2018-20071 | 1 Google | 1 Chrome | 2019-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page. | |||||
| CVE-2018-20367 | 1 Wstmart | 1 Wstmart | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI. | |||||
| CVE-2019-6992 | 1 Zoneminder | 1 Zoneminder | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. | |||||
| CVE-2019-7172 | 1 Atutor | 1 Atutor | 2019-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | |||||
| CVE-2019-7168 | 1 Croogo | 1 Croogo | 2019-01-29 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. | |||||
| CVE-2019-7169 | 1 Croogo | 1 Croogo | 2019-01-29 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. | |||||
| CVE-2019-7170 | 1 Croogo | 1 Croogo | 2019-01-29 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. | |||||
| CVE-2019-7171 | 1 Croogo | 1 Croogo | 2019-01-29 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | |||||