Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-18481 |
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). Published: August 05, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18473 |
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). Published: August 05, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18472 |
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). Published: August 05, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18471 |
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). Published: August 05, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-10774 |
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). Published: August 05, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-10767 |
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). Published: August 05, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-14653 |
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. Published: August 03, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7881 |
A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack). Published: August 02, 2019; 6:15:16 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-6968 |
The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. Published: August 02, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18456 |
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). Published: August 02, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18454 |
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). Published: August 02, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18420 |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). Published: August 02, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18419 |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). Published: August 02, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18418 |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). Published: August 02, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18417 |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). Published: August 02, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18408 |
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). Published: August 02, 2019; 10:15:13 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18402 |
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). Published: August 02, 2019; 10:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-14517 |
pandao Editor.md 1.5.0 allows XSS via the Javascript: string. Published: August 01, 2019; 7:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-5401 |
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017. Published: August 01, 2019; 6:15:12 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2016-10813 |
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). Published: August 01, 2019; 3:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |