Total: 34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6267 | 1 Premiumwpsuite | 1 Easy Redirect Manager | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI. | |||||
| CVE-2018-1772 | 1 Ibm | 1 Spss Analytic Server | 2019-01-17 | 3.5 LOW | 5.4 MEDIUM |
| IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148689. | |||||
| CVE-2015-9279 | 1 Mailenable | 1 Mailenable | 2019-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | |||||
| CVE-2018-16164 | 1 Web-dorado | 1 Event Calendar Wd | 2019-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-16205 | 1 Weseek | 1 Growi | 2019-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal. | |||||
| CVE-2018-20703 | 1 Cubecart | 1 Cubecart | 2019-01-16 | 3.5 LOW | 5.4 MEDIUM |
| CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. | |||||
| CVE-2019-6243 | 1 Frog Cms Project | 1 Frog Cms | 2019-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). | |||||
| CVE-2018-8827 | 1 Technicolor | 2 Tg789vac, Tg789vac Firmware | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS. | |||||
| CVE-2018-20326 | 1 Chinamobile | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter. | |||||
| CVE-2019-3501 | 1 Ougc Awards Project | 1 Ougc Awards | 2019-01-15 | 3.5 LOW | 4.8 MEDIUM |
| The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile. | |||||
| CVE-2018-20663 | 1 Haulmont | 2 Cuba Platform, Reporting | 2019-01-15 | 3.5 LOW | 5.4 MEDIUM |
| The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field. | |||||
| CVE-2018-20583 | 1 Thephpleague | 1 Commonmark | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt). | |||||
| CVE-2018-20594 | 1 Hsweb | 1 Hsweb | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java. | |||||
| CVE-2018-20368 | 1 Averta | 1 Master Slider | 2019-01-15 | 3.5 LOW | 5.4 MEDIUM |
| The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. | |||||
| CVE-2018-20369 | 1 Barracuda | 1 Message Archiver | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module. | |||||
| CVE-2016-10736 | 1 Devpups | 1 Social Pug | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter. | |||||
| CVE-2018-1000826 | 1 Microweber | 1 Microweber | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. | |||||
| CVE-2018-14481 | 1 Osclass | 1 Osclass | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. | |||||
| CVE-2018-18005 | 1 Vivotek | 1 Camera | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter. | |||||
| CVE-2018-18244 | 1 Vivotek | 1 Camera | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. | |||||
