U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): xss
There are 7,922 matching records.
Displaying matches 5,481 through 5,500.
Vuln ID Summary CVSS Severity
CVE-2017-18481

cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).

Published: August 05, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18473

cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).

Published: August 05, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18472

cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18471

cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-10774

cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-10767

cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).

Published: August 05, 2019; 9:15:11 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-14653

pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.

Published: August 03, 2019; 10:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-7881

A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack).

Published: August 02, 2019; 6:15:16 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-6968

The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected.

Published: August 02, 2019; 5:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18456

cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).

Published: August 02, 2019; 1:15:13 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-18454

cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).

Published: August 02, 2019; 1:15:13 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18420

cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).

Published: August 02, 2019; 12:15:11 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18419

cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).

Published: August 02, 2019; 12:15:11 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18418

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).

Published: August 02, 2019; 12:15:11 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18417

cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).

Published: August 02, 2019; 12:15:11 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18408

cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).

Published: August 02, 2019; 10:15:13 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18402

cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).

Published: August 02, 2019; 10:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-14517

pandao Editor.md 1.5.0 allows XSS via the Javascript: string.

Published: August 01, 2019; 7:15:11 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-5401

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.

Published: August 01, 2019; 6:15:12 PM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2016-10813

cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).

Published: August 01, 2019; 3:15:12 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW