Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9276 | 1 Smartertools | 1 Smartermail | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. | |||||
| CVE-2019-6777 | 1 Zoneminder | 1 Zoneminder | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. | |||||
| CVE-2018-14846 | 1 Mondula | 1 Multi Step Form | 2019-01-24 | 3.5 LOW | 5.4 MEDIUM |
| The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php. | |||||
| CVE-2017-18358 | 1 Limesurvey | 1 Limesurvey | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel. | |||||
| CVE-2018-16199 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0698 | 1 Weseek | 1 Growi | 2019-01-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-16206 | 1 Ohtanz | 1 Spam-byebye | 2019-01-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-20682 | 1 Fork-cms | 1 Fork Cms | 2019-01-23 | 3.5 LOW | 5.4 MEDIUM |
| Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). | |||||
| CVE-2016-10737 | 1 S9y | 1 Serendipity | 2019-01-23 | 3.5 LOW | 5.4 MEDIUM |
| Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. | |||||
| CVE-2018-20731 | 1 Nedi | 1 Nedi | 2019-01-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php. | |||||
| CVE-2018-20729 | 1 Nedi | 1 Nedi | 2019-01-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php. | |||||
| CVE-2019-0646 | 1 Microsoft | 1 Team Foundation Server | 2019-01-22 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team. | |||||
| CVE-2019-6278 | 1 Jpress | 1 Jpress | 2019-01-18 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option. | |||||
| CVE-2019-6248 | 1 Citysearch \/ Hotfrog \/ Gelbeseiten Clone Script Project | 1 Citysearch \/ Hotfrog \/ Gelbeseiten Clone Script | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php. | |||||
| CVE-2018-16193 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2019-01-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-0238 | 1 Sap | 1 Hybris | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-16180 | 1 Daj | 1 I-filter | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-20524 | 1 Urlchatbox | 1 Chat Anywhere | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP). | |||||
| CVE-2019-0245 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2019-01-17 | 3.5 LOW | 5.4 MEDIUM |
| SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0244 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2019-01-17 | 3.5 LOW | 5.4 MEDIUM |
| SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||