Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-20868 |
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20866 |
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20865 |
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14390 |
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-14387 |
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14386 |
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18570 |
Planon before Live Build 41 has XSS. Published: July 29, 2019; 7:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-11199 |
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type. Published: July 29, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2015-6960 |
edx-platform before 2015-09-17 allows XSS via a team name. Published: July 29, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-6253 |
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses. Published: July 29, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-1020008 |
stacktable.js before 1.0.4 allows XSS. Published: July 29, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-1020007 |
Dependency-Track before 3.5.1 allows XSS. Published: July 29, 2019; 11:15:12 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-1020005 |
invenio-communities before 1.0.0a20 allows XSS. Published: July 29, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-1020003 |
invenio-records before 1.2.2 allows XSS. Published: July 29, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-1020019 |
invenio-previewer before 1.0.0a12 allows XSS. Published: July 29, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14364 |
An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter. Published: July 28, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14350 |
EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation. Published: July 28, 2019; 12:15:10 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14349 |
EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user opens a page of any profile with this. Published: July 28, 2019; 12:15:10 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14331 |
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code. Published: July 28, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14330 |
An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code. Published: July 28, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |