Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8440 | 1 Dilicms | 1 Dilicms | 2019-03-08 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. | |||||
| CVE-2019-8438 | 1 Dilicms | 1 Dilicms | 2019-03-08 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. | |||||
| CVE-2019-8439 | 1 Dilicms | 1 Dilicms | 2019-03-08 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. | |||||
| CVE-2017-15515 | 1 Netapp | 1 Snapcenter Server | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. | |||||
| CVE-2018-1000129 | 1 Jolokia | 1 Jolokia | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser. | |||||
| CVE-2016-6857 | 1 Sap | 1 Hybris | 2019-03-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field. | |||||
| CVE-2019-8278 | 1 Invisioncommunity | 1 Invision Power Board | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. | |||||
| CVE-2018-10059 | 1 Cacti | 1 Cacti | 2019-03-07 | 3.5 LOW | 5.4 MEDIUM |
| Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. | |||||
| CVE-2018-10752 | 1 Tagregator Project | 1 Tagregator | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action. | |||||
| CVE-2018-10118 | 1 Monstra | 1 Monstra | 2019-03-07 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. | |||||
| CVE-2016-7891 | 2 Adobe, Microsoft | 2 Robohelp, Windows | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks. | |||||
| CVE-2019-9606 | 1 Personal Video Collection Script Project | 1 Personal Video Collection Script | 2019-03-07 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature. | |||||
| CVE-2019-9595 | 1 Appcms | 1 Appcms | 2019-03-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter. | |||||
| CVE-2019-6228 | 1 Apple | 2 Iphone Os, Safari | 2019-03-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
| CVE-2019-9575 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2019-03-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS. | |||||
| CVE-2019-9570 | 1 Yzmcms | 1 Yzmcms | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. | |||||
| CVE-2018-5671 | 1 Booking Calendar Project | 1 Booking Calendar | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter. | |||||
| CVE-2018-5666 | 1 Responsive Coming Soon Page Project | 1 Responsive Coming Soon Page | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter. | |||||
| CVE-2018-5670 | 1 Booking Calendar Project | 1 Booking Calendar | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter. | |||||
| CVE-2018-5672 | 1 Booking Calendar Project | 1 Booking Calendar | 2019-03-05 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter. | |||||