CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | LimeSurvey 4.1.11 Cross Site Scripting | 07.04.2020 | Matthew Aberegg |
| Low | Vanguard 2.1 Cross Site Scripting | 07.04.2020 | thelastvvv |
| Low | WhatsApp Desktop 0.3.9308 Cross Site Scripting | 07.04.2020 | Gal Weizman |
| Low | MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution | 04.04.2020 | redtimmysec |
| Med. | DesignMasterEvents CMS 1.0 SQL Injection / Cross Site Scripting | 30.03.2020 | thelastvvv |
| Med. | Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting | 29.03.2020 | thelastvvv |
| Low | LeptonCMS 4.5.0 Cross Site Scripting | 29.03.2020 | SunCSR |
| Low | UliCMS 2020.1 Cross Site Scripting | 29.03.2020 | SunCSR |
| Low | codeBeamer 9.5 Cross Site Scripting | 29.03.2020 | Georg Ph E Heise |
| Low | Micro Focus Vibe 4.0.6 HTML Injection | 29.03.2020 | Dr. Vladimir Bostanov |
| Med. | SharePoint Workflows XOML Injection | 25.03.2020 | thelastvvv |
| Med. | SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection | 25.03.2020 | thelastvvv |
| Med. | FIBARO System Home Center 5.021 Remote File Inclusion / XSS | 24.03.2020 | LiquidWorm |
| Med. | Oce Colorwave 500 CSRF / XSS / Authentication Bypass | 20.03.2020 | Marco Ortisi |
| Low | Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution | 15.03.2020 | Pierre Kim |
| Low | PHP Scripts Mall website-seller Script 2.0.5 Reflected XSS. | 14.03.2020 | Sukanta Beniya |
| Low | YzmCMS 5.5 Cross Site Scripting | 10.03.2020 | En_dust |
| Low | Alfresco 5.2.4 Cross Site Scripting | 04.03.2020 | Alexandre Zanni |
| Low | İstanbul Teknik University XSS vul | 03.03.2020 | Furkan Özer |
| Low | DirectWeb 0.4.0 Cross Site Scripting | 29.02.2020 | indoushka |
| Low | PHP-Fusion CMS 9.03 Cross Site Scripting | 28.02.2020 | R. Jaafar |
| Low | WordPress WP Sitemap Page 1.6.2 Cross Site Scripting | 19.02.2020 | UltraSecurityTeam |
| Low | WordPress Fruitful 3.8 Cross Site Scripting | 19.02.2020 | AmirMohammad Safari |
| Low | CHIYU BF430 TCP IP Converter Cross Site Scripting | 12.02.2020 | Luca.Chiou |
| Low | Forcepoint WebSecurity 8.5 Cross Site Scripting | 11.02.2020 | Prasenjit Kanti Paul |
| Low | LearnDash WordPress LMS 3.1.2 Cross Site Scripting | 11.02.2020 | Jinson Varghese Behana... |
| Low | Vanilla Forum 2.6.3 Cross Site Scripting | 11.02.2020 | Sayak Naskar |
| Low | IceWarp WebMail 11.4.4.1 Cross Site Scripting | 28.01.2020 | Lutfu Mert Ceylan |
| Low | Park Ticketing Management System 1.0 Cross Site Scripting | 22.01.2020 | Priyanka Samak |
| Low | Revive Adserver 5.0.3 Cross Site Scripting | 22.01.2020 | Matteo Beccati |
| Low | Advie Framework 2.0.8 Cross Site Scripting | 21.01.2020 | Sarthak Saini |
| Low | Dokuz Eylül Üniversitesi Bilgisayar Bölümü reflected xss | 21.01.2020 | Furkan Özer |
| Low | izmir ekonomi üniversitesi XSS | 20.01.2020 | Furkan Özer |
| Med. | CarSpot – Dealership Wordpress Classified Theme v2.2.0 Multiple Vulnerabilities | 17.01.2020 | m0ze |
| Low | WordPress Resim ara 1.0 Cross Site Scripting | 17.01.2020 | Ricardo Sanchez |
| Low | Reality \| Estate Multipurpose WordPress Theme v2.5.1 Reflected XSS | 16.01.2020 | m0ze |
| Low | Digi AnywhereUSB 14 Cross Site Scripting | 14.01.2020 | Raspina Net Pars Group |
| Med. | Real Estate 7 WordPress v2.9.4 Multiple Vulnerabilities | 13.01.2020 | m0ze |
| Low | Houzez - Real Estate WordPress Theme v1.8.3.1 Reflected XSS | 11.01.2020 | m0ze |
| Low | Travel Booking WordPress Theme v2.7.8.5 Persistent XSS | 11.01.2020 | m0ze |
| Low | Dairy Farm Shop Management System 1.0 Cross Site Scripting | 08.01.2020 | Chris Inzinga |
| Low | ERPNext 11.1.47 Cross Site Scripting | 07.01.2020 | Daniel Bishtawi |
| Low | Codoforum 4.8.3 Cross Site Scripting | 07.01.2020 | Prasanth c41m |
| Low | IceWarp 12.2.0 / 12.1.x Cross Site Scripting | 06.01.2020 | RedTeam |
| Low | WEMS Enterprise Manager 2.58 Cross Site Scripting | 05.01.2020 | LiquidWorm |
| Low | OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control | 05.01.2020 | Martin Heiland |
| Low | Thrive Smart Home 1.1 Cross Site Scripting | 31.12.2019 | LiquidWorm |
| Low | HomeAutomation 3.3.2 Cross Site Scripting | 31.12.2019 | LiquidWorm |
| Low | AVE DOMINAplus 1.10.x Cross Site Request Forgery / Cross Site Scripting | 29.12.2019 | LiquidWorm |
| Med. | CityBook - Directory & Listing WordPress Theme v2.2.2 Multiple Vulnerabilities | 27.12.2019 | m0ze |
| Low | TownHub - Directory & Listing WordPress Theme v1.0.2 Multiple Vulnerabilities | 27.12.2019 | m0ze |
| Med. | EasyBook – Directory & Listing WordPress Theme v1.2.1 Multiple Vulnerabilities | 27.12.2019 | m0ze |
| Low | phpMyChat-Plus 1.98 Cross Site Scripting | 24.12.2019 | Chris Inzinga |
| Low | Zendesk SweetHawk Survey 1.6 Cross Site Scripting | 18.12.2019 | MTK |
| Low | TemaTres 3.0 Cross Site Scripting | 09.12.2019 | Pablo Santiago |
| Low | Wordpress 5.3 XSS | 06.12.2019 | Unkn0wn |
| Med. | SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass | 03.12.2019 | W. Schober |
| Low | Superlist - Directory WordPress Theme v2.9.2 Persistent XSS | 02.12.2019 | SubversA |
| Low | ListingPro - WordPress Directory Theme v2.0.14.2 Reflected & Persistent XSS | 29.11.2019 | SubversA |
| Low | Cumhuriyet Halk Partisi XSS | 25.11.2019 | vulnsearcher |
| Low | TestLink 1.9.19 Cross Site Scripting | 21.11.2019 | Milad Khoshdel |
| Low | Raritan CommandCenter Secure Gateway Cross Site Scripting | 16.11.2019 | Okan Coskun |
| Low | TP-Link Archer VR300 1 Cross Site Scripting | 16.11.2019 | Okan Coskun |
| Low | Linear eMerge E3 1.00-06 Cross Site Scripting | 14.11.2019 | LiquidWorm |
| Low | MicroStrategy Library Cross Site Scripting | 14.11.2019 | Alphan Yavas |
| Low | Computrols CBAS-Web 19.0.0 Cross Site Scripting | 13.11.2019 | LiquidWorm |
| Low | Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure | 12.11.2019 | Pablo Rebolini |
| Low | Jenkins Build-Metrics 1.3 Cross Site Scripting | 10.11.2019 | vesche |
| Low | Parallels Plesk Panel 9.5 Cross Site Scripting | 06.11.2019 | Rafay Baloch |
| Med. | WebKit JSObject::putInlineSlow / JSValue::putToPrimitive Universal XSS | 06.11.2019 | Google Security Resear... |
| Low | html5_snmp 1.11 Cross Site Scripting | 06.11.2019 | Cakes |
| Low | thrsrossi Millhouse-Project 1.414 Cross Site Scripting | 06.11.2019 | Cakes |
| Low | ilchCMS 2.1.23 Cross Site Scripting | 05.11.2019 | Daniel Bishtawi |
| Med. | waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 Cross Site Scripting | 29.10.2019 | Cakes |
| Low | CWP 0.9.8.885 Cross Site Scripting | 29.10.2019 | Pongtorn Angsuchotmete... |
| Low | NASA NODIS Cross Site Scripting | 22.10.2019 | Binit Ghimire |
| Low | WordPress Soliloquy Lite 2.5.6 Cross Site Scripting | 18.10.2019 | Unk9vvN |
| Low | WordPress FooGallery 1.8.12 Cross Site Scripting | 18.10.2019 | Unk9vvN |
| Low | WordPress Popup Builder 3.49 Cross Site Scripting | 18.10.2019 | Unk9vvN |
| Low | WordPress Broken Link Checker 1.11.8 Cross Site Scripting | 17.10.2019 | Ismail Doe |
| Low | Accounts Accounting 7.02 Cross Site Scripting | 17.10.2019 | Debashis Pal |
| High | ASUS RT-N10+ 2.0.3.4 CSRF / XSS / Command Execution | 15.10.2019 | Matheus Vrech |
| Low | HongCMS 3.0.0 multiple XSS | 15.10.2019 | Ali Abdollahi |
| Low | OpenProject 10.0.1 / 9.0.3 Cross Site Scripting | 15.10.2019 | David Haintz |
| Low | Openfire 4.4.1 Cross Site Scripting | 13.10.2019 | Daniel Bishtawi |
| Low | Intelbras Router WRN150 1.0.18 Cross Site Scripting | 13.10.2019 | Prof. Joas Antonio |
| Low | FFTC Agricultural Policy Articles XSS | 09.10.2019 | Ali Abdollahi |
| Low | Subrion 4.2.1 Cross Site Scripting | 07.10.2019 | Min Ko Ko |
| Low | DotNetNuke Cross Site Scripting | 02.10.2019 | MaYaSeVeN |
| Low | V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting | 30.09.2019 | LiquidWorm |
| Low | Zoner - Real Estate WordPress Theme v4.1.1 Persistent XSS & IDOR | 27.09.2019 | m0ze |
| Med. | all-in-one-seo-pack 3.2.7 Cross Site Scripting | 27.09.2019 | Unk9vvN |
| Low | Duplicate-Post 3.2.3 Cross Site Scripting | 27.09.2019 | Unk9vvN |
| Low | Smart Forum - Forum PHP Script Persistent XSS | 27.09.2019 | m0ze |
| Low | WP Server Log Viewer 1.0 Cross Site Scripting | 26.09.2019 | strider |
| Low | GOautodial 4.0 Cross Site Scripting | 20.09.2019 | Cakes |
| Low | Oracle Mojarra JSF / Eclipse Mojarra JSF 2.2 / 2.3 Cross Site Scripting | 19.09.2019 | Jean-Benjamin Rousseau |
| Low | InJob \| Multi-purpose for recruitment WordPress Theme v3.3.6 Reflected & Persistent XSS | 16.09.2019 | SubversA |
| Med. | Zoner \| Real Estate Joomla Theme Persistent XSS | 16.09.2019 | SubversA |
| Low | LimeSurvey 3.17.13 Cross Site Scripting | 15.09.2019 | Andreas Kolbeck |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2020-04-08 | Low | CVE-2020-10633 | | A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful. |
| | Low | CVE-2020-11626 | Vendor: Primekey; Software: Ejbca | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Site Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets. |
| 2020-04-07 | Low | CVE-2020-2173 | Vendor: Jenkins; Software: Gatling | Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content. |
| | Low | CVE-2020-2174 | Vendor: Jenkins; Software: Awseb deployment | Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. |
| | Low | CVE-2020-2175 | Vendor: Jenkins; Software: Fitnesse | Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin. |
| | Low | CVE-2020-2176 | Vendor: Jenkins; Software: Usemango runner | Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service. |
| | Low | CVE-2020-6171 | Vendor: Communilink; Software: Clink office | A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
| | Low | CVE-2020-11512 | Vendor: Idxbroker; Software: Impress for ... | Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts. |
| | Medium | CVE-2019-13559 | Vendor: GE; Software: Mark vie con... | GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment. |
| 2020-04-03 | Low | CVE-2020-5283 | Vendor: Viewvc; Software: Viewvc | ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28. |

 

 


Copyright 2020, cxsecurity.com

 
