) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): xss
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-15478 |
Status Board 1.1.81 has reflected XSS via logic.ts. Published: August 26, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-6154 |
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). Published: August 23, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2019-5594 |
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Published: August 23, 2019; 5:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15492 |
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. Published: August 23, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15488 |
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. Published: August 23, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15487 |
DfE School Experience before v16333-GA has XSS via a teacher training URL. Published: August 23, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15486 |
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. Published: August 23, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15485 |
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. Published: August 23, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15484 |
Bolt before 3.6.10 has XSS via an image's alt or title field. Published: August 23, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15483 |
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. Published: August 23, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15482 |
selectize-plugin-a11y before 1.1.0 has XSS via the msg field. Published: August 23, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15481 |
Kimai v2 before 1.1 has XSS via a timesheet description. Published: August 23, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15480 |
Domoticz 4.10717 has XSS via item.Name. Published: August 23, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2019-15477 |
Jooby before 1.6.4 has XSS via the default error handler. Published: August 23, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15476 |
Former before 4.2.1 has XSS via a checkbox value. Published: August 23, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15499 |
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. Published: August 23, 2019; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15328 |
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. Published: August 22, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15327 |
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. Published: August 22, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20986 |
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. Published: August 22, 2019; 4:15:11 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2017-18579 |
The corner-ad plugin before 1.0.8 for WordPress has XSS. Published: August 22, 2019; 4:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |