Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-17609 |
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. Published: October 16, 2019; 6:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17608 |
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. Published: October 16, 2019; 6:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17607 |
HongCMS 3.0.0 has XSS via the install/index.php servername parameter. Published: October 16, 2019; 6:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17663 |
D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. Published: October 16, 2019; 2:15:25 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17578 |
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field. Published: October 16, 2019; 2:15:25 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-17577 |
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field. Published: October 16, 2019; 2:15:25 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-17576 |
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field. Published: October 16, 2019; 2:15:25 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16523 |
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin. Published: October 16, 2019; 11:15:15 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16522 |
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users. Published: October 16, 2019; 11:15:15 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16521 |
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product. Published: October 16, 2019; 11:15:15 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17630 |
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. Published: October 16, 2019; 10:15:14 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-17629 |
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. Published: October 16, 2019; 10:15:14 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16520 |
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement. Published: October 16, 2019; 10:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-17625 |
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element. Published: October 16, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.0 CRITICAL V2.0: 8.5 HIGH |
CVE-2016-11016 |
NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. Published: October 16, 2019; 7:15:13 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14227 |
OX App Suite 7.10.1 and 7.10.2 allows XSS. Published: October 14, 2019; 1:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17579 |
SonarSource SonarQube before 7.8 has XSS in project links on account/projects. Published: October 14, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17535 |
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. Published: October 13, 2019; 2:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17522 |
A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1. Published: October 12, 2019; 2:15:16 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-17176 |
Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). Published: October 11, 2019; 5:15:08 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |