Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-10393 |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload. Published: March 12, 2020; 10:15:13 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2020-10392 |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload. Published: March 12, 2020; 10:15:13 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2020-10391 |
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload. Published: March 12, 2020; 10:15:13 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2020-10388 |
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php). Published: March 12, 2020; 10:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2020-10372 |
Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI. Published: March 10, 2020; 5:15:13 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-12445 |
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. Published: March 10, 2020; 11:15:15 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-12444 |
An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. Published: March 10, 2020; 11:15:15 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-12442 |
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. Published: March 10, 2020; 11:15:14 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-11345 |
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS. Published: March 10, 2020; 10:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-9758 |
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters. Published: March 09, 2020; 3:15:15 PM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 4.3 MEDIUM |
CVE-2020-10247 |
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp. Published: March 09, 2020; 3:15:15 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-10246 |
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp. Published: March 09, 2020; 3:15:15 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-10192 |
An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php. Published: March 09, 2020; 3:15:15 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-10191 |
An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail. Published: March 09, 2020; 3:15:15 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2020-2137 |
Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. Published: March 09, 2020; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2015-7344 |
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption]. Published: March 09, 2020; 10:15:11 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2015-7343 |
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. Published: March 09, 2020; 10:15:10 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-19773 |
Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. Published: March 06, 2020; 5:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-19772 |
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. Published: March 06, 2020; 5:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2020-10107 |
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php. Published: March 05, 2020; 8:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |