CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | IceWarp WebMail 11.4.4.1 Cross Site Scripting | 28.01.2020 | Lutfu Mert Ceylan |
| Low | Park Ticketing Management System 1.0 Cross Site Scripting | 22.01.2020 | Priyanka Samak |
| Low | Revive Adserver 5.0.3 Cross Site Scripting | 22.01.2020 | Matteo Beccati |
| Low | Advie Framework 2.0.8 Cross Site Scripting | 21.01.2020 | Sarthak Saini |
| Low | Dokuz Eylül University Computer Department Reflected XSS | 21.01.2020 | Furkan Özer |
| Low | Izmir University of Economics XSS | 20.01.2020 | Furkan Özer |
| Med. | CarSpot – Dealership Wordpress Classified Theme v2.2.0 Multiple Vulnerabilities | 17.01.2020 | m0ze |
| Low | WordPress Resim ara 1.0 Cross Site Scripting | 17.01.2020 | Ricardo Sanchez |
| Low | Reality \| Estate Multipurpose WordPress Theme v2.5.1 Reflected XSS | 16.01.2020 | m0ze |
| Low | Digi AnywhereUSB 14 Cross Site Scripting | 14.01.2020 | Raspina Net Pars Group |
| Med. | Real Estate 7 WordPress v2.9.4 Multiple Vulnerabilities | 13.01.2020 | m0ze |
| Low | Houzez - Real Estate WordPress Theme v1.8.3.1 Reflected XSS | 11.01.2020 | m0ze |
| Low | Travel Booking WordPress Theme v2.7.8.5 Persistent XSS | 11.01.2020 | m0ze |
| Low | Dairy Farm Shop Management System 1.0 Cross Site Scripting | 08.01.2020 | Chris Inzinga |
| Low | ERPNext 11.1.47 Cross Site Scripting | 07.01.2020 | Daniel Bishtawi |
| Low | Codoforum 4.8.3 Cross Site Scripting | 07.01.2020 | Prasanth c41m |
| Low | IceWarp 12.2.0 / 12.1.x Cross Site Scripting | 06.01.2020 | RedTeam |
| Low | WEMS Enterprise Manager 2.58 Cross Site Scripting | 05.01.2020 | LiquidWorm |
| Low | OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control | 05.01.2020 | Martin Heiland |
| Low | Thrive Smart Home 1.1 Cross Site Scripting | 31.12.2019 | LiquidWorm |
| Low | HomeAutomation 3.3.2 Cross Site Scripting | 31.12.2019 | LiquidWorm |
| Low | AVE DOMINAplus 1.10.x Cross Site Request Forgery / Cross Site Scripting | 29.12.2019 | LiquidWorm |
| Med. | CityBook - Directory & Listing WordPress Theme v2.2.2 Multiple Vulnerabilities | 27.12.2019 | m0ze |
| Low | TownHub - Directory & Listing WordPress Theme v1.0.2 Multiple Vulnerabilities | 27.12.2019 | m0ze |
| Med. | EasyBook – Directory & Listing WordPress Theme v1.2.1 Multiple Vulnerabilities | 27.12.2019 | m0ze |
| Low | phpMyChat-Plus 1.98 Cross Site Scripting | 24.12.2019 | Chris Inzinga |
| Low | Zendesk SweetHawk Survey 1.6 Cross Site Scripting | 18.12.2019 | MTK |
| Low | TemaTres 3.0 Cross Site Scripting | 09.12.2019 | Pablo Santiago |
| Low | Wordpress 5.3 XSS | 06.12.2019 | Unkn0wn |
| Med. | SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass | 03.12.2019 | W. Schober |
| Low | Superlist - Directory WordPress Theme v2.9.2 Persistent XSS | 02.12.2019 | SubversA |
| Low | ListingPro - WordPress Directory Theme v2.0.14.2 Reflected & Persistent XSS | 29.11.2019 | SubversA |
| Low | Cumhuriyet Halk Partisi XSS | 25.11.2019 | vulnsearcher |
| Low | TestLink 1.9.19 Cross Site Scripting | 21.11.2019 | Milad Khoshdel |
| Low | Raritan CommandCenter Secure Gateway Cross Site Scripting | 16.11.2019 | Okan Coskun |
| Low | TP-Link Archer VR300 1 Cross Site Scripting | 16.11.2019 | Okan Coskun |
| Low | Linear eMerge E3 1.00-06 Cross Site Scripting | 14.11.2019 | LiquidWorm |
| Low | MicroStrategy Library Cross Site Scripting | 14.11.2019 | Alphan Yavas |
| Low | Computrols CBAS-Web 19.0.0 Cross Site Scripting | 13.11.2019 | LiquidWorm |
| Low | Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure | 12.11.2019 | Pablo Rebolini |
| Low | Jenkins Build-Metrics 1.3 Cross Site Scripting | 10.11.2019 | vesche |
| Low | Parallels Plesk Panel 9.5 Cross Site Scripting | 06.11.2019 | Rafay Baloch |
| Med. | WebKit JSObject::putInlineSlow / JSValue::putToPrimitive Universal XSS | 06.11.2019 | Google Security Resear... |
| Low | html5_snmp 1.11 Cross Site Scripting | 06.11.2019 | Cakes |
| Low | thrsrossi Millhouse-Project 1.414 Cross Site Scripting | 06.11.2019 | Cakes |
| Low | ilchCMS 2.1.23 Cross Site Scripting | 05.11.2019 | Daniel Bishtawi |
| Med. | waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 Cross Site Scripting | 29.10.2019 | Cakes |
| Low | CWP 0.9.8.885 Cross Site Scripting | 29.10.2019 | Pongtorn Angsuchotmete... |
| Low | NASA NODIS Cross Site Scripting | 22.10.2019 | Binit Ghimire |
| Low | WordPress Soliloquy Lite 2.5.6 Cross Site Scripting | 18.10.2019 | Unk9vvN |
| Low | WordPress FooGallery 1.8.12 Cross Site Scripting | 18.10.2019 | Unk9vvN |
| Low | WordPress Popup Builder 3.49 Cross Site Scripting | 18.10.2019 | Unk9vvN |
| Low | WordPress Broken Link Checker 1.11.8 Cross Site Scripting | 17.10.2019 | Ismail Doe |
| Low | Accounts Accounting 7.02 Cross Site Scripting | 17.10.2019 | Debashis Pal |
| High | ASUS RT-N10+ 2.0.3.4 CSRF / XSS / Command Execution | 15.10.2019 | Matheus Vrech |
| Low | HongCMS 3.0.0 multiple XSS | 15.10.2019 | Ali Abdollahi |
| Low | OpenProject 10.0.1 / 9.0.3 Cross Site Scripting | 15.10.2019 | David Haintz |
| Low | Openfire 4.4.1 Cross Site Scripting | 13.10.2019 | Daniel Bishtawi |
| Low | Intelbras Router WRN150 1.0.18 Cross Site Scripting | 13.10.2019 | Prof. Joas Antonio |
| Low | FFTC Agricultural Policy Articles XSS | 09.10.2019 | Ali Abdollahi |
| Low | Subrion 4.2.1 Cross Site Scripting | 07.10.2019 | Min Ko Ko |
| Low | DotNetNuke Cross Site Scripting | 02.10.2019 | MaYaSeVeN |
| Low | V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting | 30.09.2019 | LiquidWorm |
| Low | Zoner - Real Estate WordPress Theme v4.1.1 Persistent XSS & IDOR | 27.09.2019 | m0ze |
| Med. | all-in-one-seo-pack 3.2.7 Cross Site Scripting | 27.09.2019 | Unk9vvN |
| Low | Duplicate-Post 3.2.3 Cross Site Scripting | 27.09.2019 | Unk9vvN |
| Low | Smart Forum - Forum PHP Script Persistent XSS | 27.09.2019 | m0ze |
| Low | WP Server Log Viewer 1.0 Cross Site Scripting | 26.09.2019 | strider |
| Low | GOautodial 4.0 Cross Site Scripting | 20.09.2019 | Cakes |
| Low | Oracle Mojarra JSF / Eclipse Mojarra JSF 2.2 / 2.3 Cross Site Scripting | 19.09.2019 | Jean-Benjamin Rousseau |
| Low | InJob \| Multi-purpose for recruitment WordPress Theme v3.3.6 Reflected & Persistent XSS | 16.09.2019 | SubversA |
| Med. | Zoner \| Real Estate Joomla Theme Persistent XSS | 16.09.2019 | SubversA |
| Low | LimeSurvey 3.17.13 Cross Site Scripting | 15.09.2019 | Andreas Kolbeck |
| Low | Dolibarr ERP-CRM 10.0.1 Cross Site Scripting | 15.09.2019 | Metin Yunus Kandemir |
| Low | Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting | 15.09.2019 | Rodolfo Tavares |
| Low | OpenEdx Ironwood.1 Cross Site Scripting | 11.09.2019 | Daniel Bishtawi |
| Low | WordPress Checklist 1.1.5 Cross Site Scripting | 11.09.2019 | Ricardo Sanchez |
| Med. | WordPress Qwiz Online Quizzes And Flashcards 3.36 Cross Site Scripting | 10.09.2019 | Ricardo Sanchez |
| Low | WordPress Sell Downloads 1.0.86 Cross Site Scripting | 10.09.2019 | Mr Winst0n |
| Med. | WordPress Ellipsis Human Presence Technology 2.0.8 Cross Site Scripting | 10.09.2019 | Ricardo Sanchez |
| Low | Reality \| Estate Multipurpose WordPress Theme Persistent XSS | 09.09.2019 | SubversA |
| Med. | Selio - Real Estate Directory SQL Injection & Persistent XSS | 09.09.2019 | SubversA |
| Med. | Nexos - Real Estate WordPress Theme SQL Injection & Persistent XSS | 08.09.2019 | SubversA |
| Low | WordPress API Bearer Auth 20181229 Cross Site Scripting | 06.09.2019 | Ricardo Sanchez |
| Low | WordPress Ecpay Logistics For WooCommerce 1.2.181030 Cross Site Scripting | 06.09.2019 | Ricardo Sanchez |
| Med. | WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting | 05.09.2019 | Ricardo Sanchez |
| Low | WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting | 05.09.2019 | Ricardo Sanchez |
| Low | Opencart 3.x Cross Site Scripting | 03.09.2019 | Nipun Somani |
| Low | Sentrifugo 3.2 Cross Site Scripting | 02.09.2019 | creosote |
| Low | WebKitGTK+ / WPE WebKit Code Execution / XSS | 02.09.2019 | WebKitGTK |
| Low | Ping Identity Agentless Integration Kit Cross Site Scripting | 01.09.2019 | Thomas Konrad |
| Low | LSoft ListServ Cross Site Scripting | 27.08.2019 | MTK |
| Low | Snapforce CRM 8.3.0 Cross Site Scripting | 23.08.2019 | Prasad Lingamaiah |
| Low | Endian Firewall 3.3.0 Cross Site Scripting | 23.08.2019 | G0dfather |
| Low | Neo Billing 3.5 Cross Site Scripting | 20.08.2019 | n1x_ |
| Low | Kimai 2 Cross Site Scripting | 20.08.2019 | osamaalaa |
| Low | National Aeronautics and Space Administration Robotics Alliance Project Reflected XSS Cross Site Scripting | 20.08.2019 | KingSkrupellos |
| Low | Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting | 17.08.2019 | Martin Heiland |
| Low | Open-Xchange OX Guard Cross Site Scripting / Signature Validation | 17.08.2019 | Hanno Boeck |
| Low | BSI Advance Hotel Booking System 2.0 Cross Site Scripting | 13.08.2019 | Angelo Ruwantha |


CVEMAP Search Results

2020-01-28

| CVE | Details | Description |
|---|---|---|
| CVE-2019-20440 (Low) | Vendor: WSO2; Software: Api manager | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher. |
| CVE-2019-20441 (Low) | Vendor: WSO2; Software: Api manager | An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher. |
| CVE-2019-20442 (Low) | Vendor: WSO2; Software: Api manager | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI. |
| CVE-2019-20443 (Low) | Vendor: WSO2; Software: Api manager | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI. |
| CVE-2019-10770 (Low) | Vendor: Ratpack; Software: Ratpack | All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode. |
| CVE-2019-15586 (Low) | Vendor: Gitlab; Software: Gitlab | A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. |
| CVE-2019-20434 (Low) | Vendor: WSO2; Software: Api manager | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console. |
| CVE-2019-20435 (Low) | Vendor: WSO2; Software: Api manager | An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. |
| CVE-2019-20436 (Low) | Vendor: WSO2; Software: Api manager | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects. |
| CVE-2019-20437 (Low) | Vendor: WSO2; Software: Api manager | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations. |

Copyright 2020, cxsecurity.com

 
