Total: 34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9244 | 1 Gitlab | 1 Gitlab | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | |||||
| CVE-2018-9243 | 1 Gitlab | 1 Gitlab | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | |||||
| CVE-2018-9163 | 1 Zohocorp | 1 Manageengine Recovery Manager Plus | 2019-02-27 | 3.5 LOW | 5.4 MEDIUM |
| A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. | |||||
| CVE-2019-8410 | 1 Maccms | 1 Maccms | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | |||||
| CVE-2019-8939 | 1 Tautulli | 1 Tautulli | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page. | |||||
| CVE-2019-6595 | 1 F5 | 1 Big-ip Access Policy Manager | 2019-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI. | |||||
| CVE-2018-20010 | 1 Domainmod | 1 Domainmod | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. | |||||
| CVE-2019-6263 | 1 Joomla | 1 Joomla! | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. | |||||
| CVE-2019-6261 | 1 Joomla | 1 Joomla! | 2019-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. | |||||
| CVE-2019-6262 | 1 Joomla | 1 Joomla! | 2019-02-26 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. | |||||
| CVE-2018-20240 | 1 Atlassian | 2 Crucible, Fisheye | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
| The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. | |||||
| CVE-2018-20241 | 1 Atlassian | 2 Crucible, Fisheye | 2019-02-26 | 3.5 LOW | 5.4 MEDIUM |
| The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter. | |||||
| CVE-2019-6264 | 1 Joomla | 1 Joomla! | 2019-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. | |||||
| CVE-2019-9168 | 1 Woocommerce | 1 Woocommerce | 2019-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. | |||||
| CVE-2018-19914 | 1 Domainmod | 1 Domainmod | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. | |||||
| CVE-2018-20011 | 1 Domainmod | 1 Domainmod | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. | |||||
| CVE-2018-16638 | 1 Modx | 1 Evolution Cms | 2019-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Evolution CMS 1.4.x allows XSS via the manager/ search parameter. | |||||
| CVE-2018-20009 | 1 Domainmod | 1 Domainmod | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. | |||||
| CVE-2018-16637 | 1 Modx | 1 Evolution Cms | 2019-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. | |||||
| CVE-2018-16632 | 1 Jupo | 1 Mezzanine | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
| Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/. | |||||
