Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8334 | 1 Schoolcms | 1 Schoolcms | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS]. | |||||
| CVE-2019-8335 | 1 Schoolcms | 1 Schoolcms | 2019-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS]. | |||||
| CVE-2019-7748 | 1 Dbninja | 1 Dbninja | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| _includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. | |||||
| CVE-2019-7693 | 1 Axiositalia | 1 Registro Elettronico | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation. | |||||
| CVE-2015-4540 | 1 Emc | 1 Rsa Identity Management And Governance | 2019-02-12 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5347 | 1 Apache | 1 Wicket | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title. | |||||
| CVE-2019-7753 | 1 Verydows | 1 Verydows | 2019-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. | |||||
| CVE-2019-3923 | 1 Tenable | 1 Nessus | 2019-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue. | |||||
| CVE-2015-3012 | 3 Debian, Kogmbh, Owncloud | 3 Debian Linux, Webodf, Owncloud | 2019-02-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI. | |||||
| CVE-2018-12241 | 1 Symantec | 1 Security Analytics | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application. | |||||
| CVE-2019-7677 | 1 Enphase | 1 Envoy | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | |||||
| CVE-2018-20778 | 1 Frog Cms Project | 1 Frog Cms | 2019-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | |||||
| CVE-2018-20774 | 1 Frog Cms Project | 1 Frog Cms | 2019-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | |||||
| CVE-2018-20777 | 1 Frog Cms Project | 1 Frog Cms | 2019-02-11 | 3.5 LOW | 5.4 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | |||||
| CVE-2019-7545 | 1 Dbninja | 1 Dbninja | 2019-02-08 | 3.5 LOW | 5.4 MEDIUM |
| In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. | |||||
| CVE-2019-7544 | 1 Mywebsql | 1 Mywebsql | 2019-02-07 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. | |||||
| CVE-2018-17193 | 1 Apache | 1 Nifi | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2015-3361 | 1 Linkit Project | 1 Linkit | 2019-02-07 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2019-7567 | 1 Bijiadao | 1 Waimai Super Cms | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. | |||||
| CVE-2018-1000998 | 1 Freebsd | 1 Cvsweb | 2019-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x. | |||||