CWE:
 

Topic
Date
Author
Low
Visitor Management System In PHP 1.0 Cross Site Scripting
23.09.2020
Rahul Ramkumar
Low
Navy Federal Cross Site Scripting
19.09.2020
Arthrocyber
Low
Piwigo 2.10.1 Cross Site Scripting
17.09.2020
Iridium
Low
Cabot 0.11.12 Cross Site Scripting
08.09.2020
Abhiram V
Low
Grocy 2.7.1 Cross Site Scripting
08.09.2020
Mufaddal Masalawala
Low
Best Support System v3.0.4 - Authenticated Persistent XSS
05.09.2020
Ex.Mi
Med.
Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
05.09.2020
T. Weber
Low
Go CGI / FastCGI Transport Cross Site Scripting
02.09.2020
RedTeam
Low
Symphony CMS 3.0.0 Cross Site Scripting
30.08.2020
SunCSR
Low
Nagios Log Server 2.1.6 Cross Site Scripting
28.08.2020
Jinson Varghese Behana...
Low
LimeSurvey 4.3.10 Cross Site Scripting
25.08.2020
Matthew Aberegg
Low
Joomla Adagency 6.1.2 Cross Site Scripting
22.08.2020
Vincent666 ibn Winnie
Low
ElkarBackup 1.3.3 Cross Site Scripting
22.08.2020
Enes Özeser
Low
vBulletin 5.6.2 Persistent Cross Site Scripting
20.08.2020
Vincent666 ibn Winnie
Low
WordPress Colorbox Lightbox 1.1.2 Cross Site Scripting
18.08.2020
Melbin K Mathew
Low
XenForo 2.1.10 Patch 2 Cross Site Scripting
17.08.2020
Vincent666 ibn Winnie
Low
WordPress Fancybox Lightbox 1.0.1 Cross Site Scripting
17.08.2020
Melbin K Mathew
Low
WordPress Responsive Lightbox2 1.0.2 Cross Site Scripting
17.08.2020
Melbin K Mathew
Low
WordPress NextGen Gallery Sell Photo 1.0.5 Cross Site Scripting
17.08.2020
Melbin K Mathew
Low
WordPress Easy Media Download 1.1.4 Cross Site Scripting
17.08.2020
Melbin K Mathew
Low
WordPress Sell Photo 1.0.5 Cross Site Scripting
15.08.2020
Melbin K Mathew
Low
vabase – Cross Site Scripting vulnerability (xss)
14.08.2020
Mostafa Farzaneh
Low
vBulletin 5.6.2 Cross Site Scripting
14.08.2020
Vincent666 ibn Winnie
Low
Tailor MS 1.0 Cross Site Scripting
11.08.2020
Bobby Cooke
Low
Mara CMS 7.5 Cross Site Scripting
04.08.2020
George Tsimpidas
Low
Gantt-Chart For Jira 5.5.4 Cross Site Scripting
04.08.2020
Sebastian Auwaerter
Low
Daily Tracker System 1.0 Cross Site Scripting
01.08.2020
hyd3sec
Low
Namirial SIGNificant SignAnyWhere 6.10.x Cross Site Scripting
31.07.2020
Philipp Espernberger
Med.
Konzept - Fullscreen Portfolio WordPress Theme v2.3 - Unauthenticated Reflected XSS
30.07.2020
Vlad Vector
Low
WordPress Maintenance Mode By SeedProd 5.1.1 Cross Site Scripting
30.07.2020
Jinson Varghese Behana...
Low
Virtual Airlines Manager 2.6.2 Persistent Cross-Site Scripting
27.07.2020
Peter Blue
Low
FoodBakery | Food Delivery Restaurant Directory WordPress Theme v1.9 - Unauthenticated Reflected XSS
27.07.2020
Vlad Vector
Low
Geo Magazine | Modern Responsive Newspaper | News Portal WordPress Theme v2.0 - Unauthenticated Reflected XSS
27.07.2020
Vlad Vector
Low
Home Villas | Real Estate WordPress Theme v2.2 - Multiple Vulnerabilities
27.07.2020
Vlad Vector
Med.
JobCareer | Job Board Responsive WordPress Theme v3.4 - Multiple Vulnerabilities
27.07.2020
Vlad Vector
Low
JobSearch WP Job Board WordPress Plugin v1.5.4 - Unauthenticated Reflected XSS
25.07.2020
Vlad Vector
Med.
Careerfy - Job Board WordPress Theme v4.3.0 - Unauthenticated Reflected XSS
25.07.2020
Vlad Vector
Low
Docsify.js 4.11.4 Cross Site Scripting
23.07.2020
Amin Sharifi
Low
Real Estate 7 WordPress v3.0.3 - Unauthenticated Reflected XSS
23.07.2020
Vlad Vector
Low
Workup – Job Board WordPress Theme v2.1.5 - Unauthenticated Reflected XSS
21.07.2020
Vlad Vector
Low
Workio – Job Board WordPress Theme v1.0.1 - Unauthenticated Reflected XSS
21.07.2020
Vlad Vector
Low
Careerfy - Job Board WordPress Theme v4.2.0 - Unauthenticated Reflected XSS
21.07.2020
Vlad Vector
Low
JobSearch WP Job Board WordPress Plugin v1.5.2 - Multiple Vulnerabilities
21.07.2020
Vlad Vector
Low
CarePlus - Health & Medical Responsive WordPress Theme v1.2 - Unauthenticated Reflected XSS
21.07.2020
Vlad Vector
Low
InJob | Multi features for recruitment WordPress Theme v3.4.0 - Authenticated Reflected XSS
21.07.2020
Vlad Vector
Med.
Mida Solutions eFramework 2.9.0 XSS / Code Execution / SQL Injection
21.07.2020
Andrea Baesso
High
Reality | Estate Multipurpose WordPress Theme v2.5.5 - Unauthenticated Reflected XSS
18.07.2020
Vlad Vector
Med.
JobSearch WP Job Board WordPress Plugin v1.5.1 - Multiple Vulnerabilities
18.07.2020
Vlad Vector
High
WonderCMS 3.1.0 XSS / Directory Traversal / File Upload
18.07.2020
Calvin Phang
Low
PMB 5.6 Cross Site Scripting
18.07.2020
41-trk
Med.
Careerfy - Job Board WordPress Theme v4.0.0 - Multiple Vulnerabilities
18.07.2020
Vlad Vector
Med.
Travel Booking WordPress Theme v2.8.3 - Multiple Vulnerabilities
17.07.2020
Vlad Vector
Low
Reality | Estate Multipurpose WordPress Theme v2.5.3 - Multiple Reflected XSS
17.07.2020
Vlad Vector
Med.
Careerfy - Job Board WordPress Theme v3.9.0 - Multiple Vulnerabilities
17.07.2020
Vlad Vector
Low
Golo - City Travel Guide WordPress Theme v1.3.2 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
CareerUp - Job Board WordPress Theme v2.3.0 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
Prolisting - Directory Listing WordPress Theme v1.2 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
Jetapo | Jobboard WordPress Theme v1.0.0 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
Monalisa | Hotel & Resort WordPress Theme v2.1.2 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
Kormosala – Job Board WordPress Theme v1.0.22 - Unauthenticated Reflected XSS
13.07.2020
Vlad Vector
Low
Webtareas 2.1 / 2.1p Cross Site Scripting
12.07.2020
AppleBois
Low
Savsoft Quiz 5 Cross Site Scripting
12.07.2020
th3d1gger
Low
Impress CMS 1.4.0 Cross Site Scripting
12.07.2020
AppleBois
Low
Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting
05.07.2020
Emanuel Duss
Low
EQDKP Plus CMS 2.3.29 Cross Site Scripting
03.07.2020
Farhan Rahman
Low
BSA Radar 1.6.7234.24750 Cross Site Scripting
25.06.2020
William Summerhill
Low
GilaCMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting
24.06.2020
Rodolfo Tavares
Low
WebPort 1.19.1 Cross Site Scripting
23.06.2020
Emre OVUNC
Low
Travel Booking WordPress Theme v2.8.1 - Unauthenticated Reflected XSS
22.06.2020
Vlad Vector
Low
TownHub - Directory & Listing WordPress Theme v1.2.9 - Unauthenticated Reflected XSS
22.06.2020
Vlad Vector
Low
CityBook - Directory & Listing WordPress Theme v2.4.3 - Unauthenticated Reflected XSS
22.06.2020
Vlad Vector
Med.
OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal
18.06.2020
Raif Berkay Dincel
Low
Sysax MultiServer 6.90 Cross Site Scripting
17.06.2020
Luca Epifanio
Low
OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation
16.06.2020
Martin Heiland
Low
WebUntis 2020.12.1 Cross Site Scripting
10.06.2020
Robin Meis
Low
Underconstructionpage Cross Site Scripting
05.06.2020
Atmon3r
Med.
We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection
02.06.2020
thelastvvv
Low
OpenCart 3.0.3.2 Stored Cross Site Scripting (Authenticated)
02.06.2020
Kailash Bohara
Low
EyouCMS 1.4.6 Cross Site Scripting
28.05.2020
CBIITMC
Low
Online Marriage Registration System 1.0 Cross Site Scripting
28.05.2020
that faceless coder
Low
Kuicms PHP EE 2.0 Cross Site Scripting
28.05.2020
CBIITMC
Low
Composr CMS 10.0.30 Cross Site Scripting
22.05.2020
Manuel Garcia Cardenas
Low
Submitty 20.04.01 Cross Site Scripting
21.05.2020
humblelad
Low
Dolibarr 11.0.3 Cross Site Scripting
21.05.2020
Mehmet Kelepce
Low
Victor CMS 1.0 Cross Site Scripting
20.05.2020
Kishan Lal Choudhary
Low
Forma.LMS The E-Learning Suite 2.3.0.2 Cross Site Scripting
19.05.2020
Daniel Ortiz
Low
Tryton 5.4 Cross Site Scripting
14.05.2020
Benjamin Kunz Mejri
Med.
Sellacious eCommerce Shop Cross Site Scripting
14.05.2020
Benjamin Kunz Mejri
Low
Cisco Digital Network Architecture Center 1.3.1.4 Cross Site Scripting
13.05.2020
Dylan Garnaud
Low
Tiny MySQL Cross Site Scripting
11.05.2020
Milad Karimi
Low
WebTareas 2.0p8 Cross Site Scripting
09.05.2020
Bobby Cooke
Low
Sentrifugo CMS 3.2 Cross Site Scripting
09.05.2020
Benjamin Kunz Mejri
Low
LANCOM WLAN Controller Cross Site Scripting
09.05.2020
Benjamin Kunz Mejri
Low
Draytek VigorAP Cross Site Scripting
09.05.2020
Benjamin Kunz Mejri
Low
Create-Project Manager 1.07 Cross Site Scripting / HTML Injection
09.05.2020
thelastvvv
Low
OpenZ ERP 3.6.60 Cross Site Scripting
09.05.2020
Benjamin Kunz Mejri
Low
iChat 1.6 Cross Site Scripting
08.05.2020
thelastvvv
Low
osTicket 1.14.1 Cross Site Scripting
05.05.2020
Mehmet Kelepce
Low
Online Scheduling System v1.0 - Persistent Cross-Site Scripting
02.05.2020
Bobby Cooke
High
Online Scheduling System v1.0 - Authentication Bypass
02.05.2020
Bobby Cooke


CVEMAP Search Results

CVE
Details
Description
2020-09-22
Low
CVE-2020-4615

Vendor: IBM
Software: Data risk ma...
 

 
IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928.

 
Medium
CVE-2020-4622

Vendor: IBM
Software: Data risk ma...
 

 
IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983.

 
2020-09-18
Low
CVE-2020-15769

Vendor: Gradle
Software: Enterprise
 

 
An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.

 
Low
CVE-2020-5606

 

 
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.

 
Low
CVE-2020-25735

Vendor: Webtareas project
Software: Webtareas
 

 
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.

 
2020-09-17
Low
CVE-2020-13260

 

 
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259.

 
Low
CVE-2020-13944

Vendor: Apache
Software: Airflow
 

 
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.

 
Low
CVE-2020-13169

Vendor: Solarwinds
Software: Orion platform
 

 
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

 
Low
CVE-2020-25729

Vendor: Zoneminder
Software: Zoneminder
 

 
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.

 
Low
CVE-2020-15183

Vendor: Soycms project
Software: Soycms
 

 
SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage.

 

 


Copyright 2020, cxsecurity.com

 
