Total: 30469 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8951 | 1 Fiserv | 1 Accurate Reconciliation | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page. | |||||
CVE-2020-3157 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by crafting a malicious configuration and saving it to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information when an administrator views the configuration. An attacker would need write permissions to exploit this vulnerability successfully. | |||||
CVE-2019-4665 | 1 Ibm | 1 Spectrum Scale | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247. | |||||
CVE-2013-3067 | 1 Linksys | 2 Wrt310n, Wrt310n Firmware | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. | |||||
CVE-2014-4559 | 1 Cybercompay | 1 Swipehq-payment-gateway-wp-e-commerce | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter. | |||||
CVE-2014-9126 | 1 Open-school | 1 Open-school | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php. | |||||
CVE-2013-7486 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | |||||
CVE-2019-16564 | 1 Jenkins | 1 Pipeline Aggregator View | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affect view content such as job display name or pipeline stage names. | |||||
CVE-2019-17001 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000. *Note: This flaw only affected Firefox 69 and was not present in earlier versions.* This vulnerability affects Firefox < 70. | |||||
CVE-2020-6163 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file). | |||||
CVE-2019-18426 | 1 Whatsapp | 2 Whatsapp, Whatsapp For Desktop | 2024-02-28 | 5.8 MEDIUM | 8.2 HIGH |
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. | |||||
CVE-2019-16763 | 1 Pannellum | 1 Pannellum | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if pannellum.htm was hosted on a domain that shared cookies with the targeted site's user authentication; an <iframe> could then be embedded on the attacker's site using pannellum.htm from the targeted site, which would allow the attacker to potentially access information from the targeted site as the authenticated user (or worse if the targeted site did not have adequate CSRF protections) if the user clicked on a hot spot in the attacker's embedded panorama viewer. This was patched in version 2.5.5. | |||||
CVE-2019-19540 | 1 Cridio | 1 Listingpro | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. | |||||
CVE-2020-7228 | 1 Codepeople | 1 Calculated Fields Form | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. | |||||
CVE-2019-9538 | 1 Telos | 1 Automated Message Handling System | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | |||||
CVE-2019-19385 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. | |||||
CVE-2011-3622 | 1 Phorum | 1 Phorum | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. | |||||
CVE-2013-2101 | 2 Redhat, Theforeman | 2 Satellite, Katello | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Katello has multiple XSS issues in various entities. | |||||
CVE-2019-0395 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability. | |||||
CVE-2020-8089 | 1 Piwigo | 1 Piwigo | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. |