U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): xss
There are 7,922 matching records.
Displaying matches 5,521 through 5,540.
Vuln ID Summary CVSS Severity
CVE-2018-20910

cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).

Published: August 01, 2019; 11:15:13 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20903

cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).

Published: August 01, 2019; 11:15:13 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20901

cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).

Published: August 01, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10854

cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).

Published: August 01, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-10853

cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).

Published: August 01, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-10851

cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).

Published: August 01, 2019; 11:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2013-7474

Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users.

Published: August 01, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20900

cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).

Published: August 01, 2019; 10:15:13 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20899

cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).

Published: August 01, 2019; 10:15:12 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14338

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface.

Published: August 01, 2019; 9:15:14 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20884

cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).

Published: August 01, 2019; 9:15:13 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-20881

cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).

Published: August 01, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-20878

cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).

Published: August 01, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-20877

cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).

Published: August 01, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-20876

cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).

Published: August 01, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-20875

cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).

Published: August 01, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-20874

cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).

Published: August 01, 2019; 9:15:12 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-14456

Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server.

Published: July 31, 2019; 5:15:11 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-20859

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.

Published: July 30, 2019; 3:15:12 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-14406

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).

Published: July 30, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM