Risk
Topic
Date
Author
Low
Golo - City Travel Guide WordPress Theme v1.3.2 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
CareerUp - Job Board WordPress Theme v2.3.0 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
Prolisting - Directory Listing WordPress Theme v1.2 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
Jetapo | Jobboard WordPress Theme v1.0.0 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
Monalisa | Hotel & Resort WordPress Theme v2.1.2 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
Kormosala – Job Board WordPress Theme v1.0.22 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
Webtareas 2.1 / 2.1p Cross Site Scripting
12.07.2020
AppleBois
Low
Savsoft Quiz 5 Cross Site Scripting
12.07.2020
th3d1gger
Low
Impress CMS 1.4.0 Cross Site Scripting
12.07.2020
AppleBois
Low
Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting
05.07.2020
Emanuel Duss
Low
EQDKP Plus CMS 2.3.29 Cross Site Scripting
03.07.2020
Farhan Rahman
Low
BSA Radar 1.6.7234.24750 Cross Site Scripting
25.06.2020
William Summerhill
Low
GilaCMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting
24.06.2020
Rodolfo Tavares
Low
WebPort 1.19.1 Cross Site Scripting
23.06.2020
Emre OVUNC
Low
Travel Booking WordPress Theme v2.8.1 - Unauthenticated Reflected XSS
22.06.2020
Vlad Vector
Low
TownHub - Directory & Listing WordPress Theme v1.2.9 - Unauthenticated Reflected XSS
22.06.2020
Vlad Vector
Low
CityBook - Directory & Listing WordPress Theme v2.4.3 - Unauthenticated Reflected XSS
22.06.2020
Vlad Vector
Med.
OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal
18.06.2020
Raif Berkay Dincel
Low
Sysax MultiServer 6.90 Cross Site Scripting
17.06.2020
Luca Epifanio
Low
OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation
16.06.2020
Martin Heiland
Low
WebUntis 2020.12.1 Cross Site Scripting
10.06.2020
Robin Meis
Low
Underconstructionpage Cross Site Scripting
05.06.2020
Atmon3r
Med.
We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection
02.06.2020
thelastvvv
Low
OpenCart 3.0.3.2 Stored Cross Site Scripting (Authenticated)
02.06.2020
Kailash Bohara
Low
EyouCMS 1.4.6 Cross Site Scripting
28.05.2020
CBIITMC
Low
Online Marriage Registration System 1.0 Cross Site Scripting
28.05.2020
that faceless coder
Low
Kuicms PHP EE 2.0 Cross Site Scripting
28.05.2020
CBIITMC
Low
Composr CMS 10.0.30 Cross Site Scripting
22.05.2020
Manuel Garcia Cardenas
Low
Submitty 20.04.01 Cross Site Scripting
21.05.2020
humblelad
Low
Dolibarr 11.0.3 Cross Site Scripting
21.05.2020
Mehmet Kelepce
Low
Victor CMS 1.0 Cross Site Scripting
20.05.2020
Kishan Lal Choudhary
Low
Forma.LMS The E-Learning Suite 2.3.0.2 Cross Site Scripting
19.05.2020
Daniel Ortiz
Low
Tryton 5.4 Cross Site Scripting
14.05.2020
Benjamin Kunz Mejri
Med.
Sellacious eCommerce Shop Cross Site Scripting
14.05.2020
Benjamin Kunz Mejri
Low
Cisco Digital Network Architecture Center 1.3.1.4 Cross Site Scripting
13.05.2020
Dylan Garnaud
Low
Tiny MySQL Cross Site Scripting
11.05.2020
Milad Karimi
Low
WebTareas 2.0p8 Cross Site Scripting
09.05.2020
Bobby Cooke
Low
Sentrifugo CMS 3.2 Cross Site Scripting
09.05.2020
Benjamin Kunz Mejri
Low
LANCOM WLAN Controller Cross Site Scripting
09.05.2020
Benjamin Kunz Mejri
Low
Draytek VigorAP Cross Site Scripting
09.05.2020
Benjamin Kunz Mejri
Low
Create-Project Manager 1.07 Cross Site Scripting / HTML Injection
09.05.2020
thelastvvv
Low
OpenZ ERP 3.6.60 Cross Site Scripting
09.05.2020
Benjamin Kunz Mejri
Low
iChat 1.6 Cross Site Scripting
08.05.2020
thelastvvv
Low
osTicket 1.14.1 Cross Site Scripting
05.05.2020
Mehmet Kelepce
Low
Online Scheduling System v1.0 - Persistent Cross-Site Scripting
02.05.2020
Bobby Cooke
High
Online Scheduling System v1.0 - Authentication Bypass
02.05.2020
Bobby Cooke
Low
ChemInv 1 Cross Site Scripting
01.05.2020
Bobby Cooke
Low
Open-AudIT 3.3.0 Cross Site Scripting
28.04.2020
Kamaljeet Kumar
Low
jQuery html() Cross Site Scripting
28.04.2020
Marcin Kozlowski
Med.
Project Open CMS 5.0.3 Cross Site Scripting / SQL Injection
28.04.2020
Benjamin Kunz Mejri
Med.
Easy Transfer 1.7 Cross Site Scripting / Directory Traversal
28.04.2020
Benjamin Kunz Mejri
Low
POS PHP 17.5 Cross Site Scripting
28.04.2020
Benjamin Kunz Mejri
Low
User Management System 2.0 Cross Site Scripting
26.04.2020
Besim Altinok
Low
Complaint Management System 4.2 Cross Site Scripting
26.04.2020
Besim Altinok
Low
Catch Breadcrumb v1.5.4 WordPress plugin - Unauthenticated Reflected XSS
22.04.2020
Ex.Mi
Med.
Sky File 2.1.0 Cross Site Scripting / Directory Traversal
21.04.2020
Benjamin Kunz Mejri
Low
P5 FNIP-8x16A/FNIP-4xSH CSRF / Cross Site Scripting
21.04.2020
LiquidWorm
Low
Mahara 19.10.2 Cross Site Scripting
21.04.2020
Benjamin Kunz Mejri
Low
QRadar Community Edition 7.3.1.6 Cross Site Scripting
21.04.2020
Yorick Koster
High
Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution
19.04.2020
Sivanesh Ashok
Med.
TAO Open Source Assessment Platform 3.3.0 RC02 Cross Site Scripting
19.04.2020
Benjamin Kunz Mejri
Low
Swift File Transfer Mobile Cross Site Scripting / Information Disclosure
18.04.2020
Benjamin Kunz Mejri
Med.
Macs Framework 1.14f Cross Site Scripting / SQL Injection
16.04.2020
Benjamin Kunz Mejri
Low
SuperBackup 2.0.5 Persistent Cross Site Scripting
16.04.2020
Benjamin Kunz Mejri
Low
DedeCMS 7.5 SP2 Persistent Cross Site Scripting
16.04.2020
Benjamin Kunz Mejri
Low
Bundeswehr Karriere Cross Site Scripting
16.04.2020
Benjamin Kunz Mejri
Low
Matrix42 Workspace Management 9.1.2.2765 Cross Site Scripting
15.04.2020
Christian Pappas
Low
TAO Open Source Assessment Platform 3.3.0 RC2 Cross Site Scripting
09.04.2020
David Haintz
Low
LimeSurvey 4.1.11 Cross Site Scripting
07.04.2020
Matthew Aberegg
Low
Vanguard 2.1 Cross Site Scripting
07.04.2020
thelastvvv
Low
WhatsApp Desktop 0.3.9308 Cross Site Scripting
07.04.2020
Gal Weizman
Low
MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution
04.04.2020
redtimmysec
Med.
DesignMasterEvents CMS 1.0 SQL Injection / Cross Site Scripting
30.03.2020
thelastvvv
Med.
Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting
29.03.2020
thelastvvv
Low
LeptonCMS 4.5.0 Cross Site Scripting
29.03.2020
SunCSR
Low
UliCMS 2020.1 Cross Site Scripting
29.03.2020
SunCSR
Low
codeBeamer 9.5 Cross Site Scripting
29.03.2020
Georg Ph E Heise
Low
Micro Focus Vibe 4.0.6 HTML Injection
29.03.2020
Dr. Vladimir Bostanov
Med.
SharePoint Workflows XOML Injection
25.03.2020
thelastvvv
Med.
SialWeb CMS eCommerce 1.0 / 1.1 Cross Site Scripting / SQL Injection
25.03.2020
thelastvvv
Med.
FIBARO System Home Center 5.021 Remote File Inclusion / XSS
24.03.2020
LiquidWorm
Med.
Oce Colorwave 500 CSRF / XSS / Authentication Bypass
20.03.2020
Marco Ortisi
Low
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution
15.03.2020
Pierre Kim
Low
PHP Scripts Mall website-seller Script 2.0.5 Reflected XSS.
14.03.2020
Sukanta Beniya
Low
YzmCMS 5.5 Cross Site Scripting
10.03.2020
En_dust
Low
Alfresco 5.2.4 Cross Site Scripting
04.03.2020
Alexandre Zanni
Low
İstanbul Teknik University XSS vul
03.03.2020
Furkan Özer
Low
DirectWeb 0.4.0 Cross Site Scripting
29.02.2020
indoushka
Low
PHP-Fusion CMS 9.03 Cross Site Scripting
28.02.2020
R. Jaafar
Low
WordPress WP Sitemap Page 1.6.2 Cross Site Scripting
19.02.2020
UltraSecurityTeam
Low
WordPress Fruitful 3.8 Cross Site Scripting
19.02.2020
AmirMohammad Safari
Low
CHIYU BF430 TCP IP Converter Cross Site Scripting
12.02.2020
Luca.Chiou
Low
Forcepoint WebSecurity 8.5 Cross Site Scripting
11.02.2020
Prasenjit Kanti Paul
Low
LearnDash WordPress LMS 3.1.2 Cross Site Scripting
11.02.2020
Jinson Varghese Behana...
Low
Vanilla Forum 2.6.3 Cross Site Scripting
11.02.2020
Sayak Naskar
Low
IceWarp WebMail 11.4.4.1 Cross Site Scripting
28.01.2020
Lutfu Mert Ceylan
Low
Park Ticketing Management System 1.0 Cross Site Scripting
22.01.2020
Priyanka Samak
Low
Revive Adserver 5.0.3 Cross Site Scripting
22.01.2020
Matteo Beccati
Low
Advie Framework 2.0.8 Cross Site Scripting
21.01.2020
Sarthak Saini
Low
Dokuz Eylül Üniversitesi Bilgisayar Bölümü reflected xss
21.01.2020
Furkan Özer


CVEMAP Search Results

CVE
Details
Description
2020-07-09
Low
CVE-2020-13992

Vendor: Mods-for-hesk
Software: Mods for hesk
 

 
An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket.

 
2020-07-08
Low
CVE-2020-15073

Vendor: Phplist
Software: Phplist
 

 
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.

 
2020-07-07
Low
CVE-2020-15036

Vendor: NEDI
Software: NEDI
 

 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.

 
Low
CVE-2020-15037

Vendor: NEDI
Software: NEDI
 

 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter.

 
Low
CVE-2020-15028

Vendor: NEDI
Software: NEDI
 

 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.

 
Low
CVE-2020-15029

Vendor: NEDI
Software: NEDI
 

 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.

 
Low
CVE-2020-15030

Vendor: NEDI
Software: NEDI
 

 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter.

 
Low
CVE-2020-15031

Vendor: NEDI
Software: NEDI
 

 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter.

 
Low
CVE-2020-15032

Vendor: NEDI
Software: NEDI
 

 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.

 
Low
CVE-2020-15033

Vendor: NEDI
Software: NEDI
 

 
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter.

 

 


Copyright 2020, cxsecurity.com
