Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-19493 |
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding. Published: July 10, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-6217 |
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code execution Published: July 10, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-12724 |
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter. Published: July 10, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17147 |
Nagios XI before 5.5.4 has XSS in the auto login admin management page. Published: July 10, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-12627 |
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. Published: July 10, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-12626 |
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. Published: July 10, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-12625 |
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. Published: July 10, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-12623 |
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. Published: July 10, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-12622 |
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter. Published: July 10, 2019; 8:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13472 |
PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file. Published: July 09, 2019; 6:15:10 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13380 |
KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault. Published: July 09, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13070 |
A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the embedded code will be executed in the browser of the victim. Published: July 09, 2019; 3:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-8920 |
iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. Published: July 09, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13397 |
Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket. Published: July 09, 2019; 1:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-12748 |
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. Published: July 09, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13414 |
The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. Published: July 08, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13345 |
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. Published: July 05, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-14027 |
Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the admin login page. Published: July 05, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13341 |
In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie. Published: July 05, 2019; 11:16:22 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-13340 |
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186. Published: July 05, 2019; 11:16:22 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |