CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | TemaTres 3.0 Cross Site Scripting | 09.12.2019 | Pablo Santiago |
| Low | Wordpress 5.3 XSS | 06.12.2019 | Unkn0wn |
| Med. | SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass | 03.12.2019 | W. Schober |
| Low | Superlist - Directory WordPress Theme v2.9.2 Persistent XSS | 02.12.2019 | SubversA |
| Low | ListingPro - WordPress Directory Theme v2.0.14.2 Reflected & Persistent XSS | 29.11.2019 | SubversA |
| Low | Cumhuriyet Halk Partisi XSS | 25.11.2019 | vulnsearcher |
| Low | TestLink 1.9.19 Cross Site Scripting | 21.11.2019 | Milad Khoshdel |
| Low | Raritan CommandCenter Secure Gateway Cross Site Scripting | 16.11.2019 | Okan Coskun |
| Low | TP-Link Archer VR300 1 Cross Site Scripting | 16.11.2019 | Okan Coskun |
| Low | Linear eMerge E3 1.00-06 Cross Site Scripting | 14.11.2019 | LiquidWorm |
| Low | MicroStrategy Library Cross Site Scripting | 14.11.2019 | Alphan Yavas |
| Low | Computrols CBAS-Web 19.0.0 Cross Site Scripting | 13.11.2019 | LiquidWorm |
| Low | Honeywell MCR Web Controller Cross Site Scripting / Path Disclosure | 12.11.2019 | Pablo Rebolini |
| Low | Jenkins Build-Metrics 1.3 Cross Site Scripting | 10.11.2019 | vesche |
| Low | Parallels Plesk Panel 9.5 Cross Site Scripting | 06.11.2019 | Rafay Baloch |
| Med. | WebKit JSObject::putInlineSlow / JSValue::putToPrimitive Universal XSS | 06.11.2019 | Google Security Resear... |
| Low | html5_snmp 1.11 Cross Site Scripting | 06.11.2019 | Cakes |
| Low | thrsrossi Millhouse-Project 1.414 Cross Site Scripting | 06.11.2019 | Cakes |
| Low | ilchCMS 2.1.23 Cross Site Scripting | 05.11.2019 | Daniel Bishtawi |
| Med. | waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 Cross Site Scripting | 29.10.2019 | Cakes |
| Low | CWP 0.9.8.885 Cross Site Scripting | 29.10.2019 | Pongtorn Angsuchotmete... |
| Low | NASA NODIS Cross Site Scripting | 22.10.2019 | Binit Ghimire |
| Low | WordPress Soliloquy Lite 2.5.6 Cross Site Scripting | 18.10.2019 | Unk9vvN |
| Low | WordPress FooGallery 1.8.12 Cross Site Scripting | 18.10.2019 | Unk9vvN |
| Low | WordPress Popup Builder 3.49 Cross Site Scripting | 18.10.2019 | Unk9vvN |
| Low | WordPress Broken Link Checker 1.11.8 Cross Site Scripting | 17.10.2019 | Ismail Doe |
| Low | Accounts Accounting 7.02 Cross Site Scripting | 17.10.2019 | Debashis Pal |
| High | ASUS RT-N10+ 2.0.3.4 CSRF / XSS / Command Execution | 15.10.2019 | Matheus Vrech |
| Low | HongCMS 3.0.0 multiple XSS | 15.10.2019 | Ali Abdollahi |
| Low | OpenProject 10.0.1 / 9.0.3 Cross Site Scripting | 15.10.2019 | David Haintz |
| Low | Openfire 4.4.1 Cross Site Scripting | 13.10.2019 | Daniel Bishtawi |
| Low | Intelbras Router WRN150 1.0.18 Cross Site Scripting | 13.10.2019 | Prof. Joas Antonio |
| Low | FFTC Agricultural Policy Articles XSS | 09.10.2019 | Ali Abdollahi |
| Low | Subrion 4.2.1 Cross Site Scripting | 07.10.2019 | Min Ko Ko |
| Low | DotNetNuke Cross Site Scripting | 02.10.2019 | MaYaSeVeN |
| Low | V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting | 30.09.2019 | LiquidWorm |
| Low | Zoner - Real Estate WordPress Theme v4.1.1 Persistent XSS & IDOR | 27.09.2019 | m0ze |
| Med. | all-in-one-seo-pack 3.2.7 Cross Site Scripting | 27.09.2019 | Unk9vvN |
| Low | Duplicate-Post 3.2.3 Cross Site Scripting | 27.09.2019 | Unk9vvN |
| Low | Smart Forum - Forum PHP Script Persistent XSS | 27.09.2019 | m0ze |
| Low | WP Server Log Viewer 1.0 Cross Site Scripting | 26.09.2019 | strider |
| Low | GOautodial 4.0 Cross Site Scripting | 20.09.2019 | Cakes |
| Low | Oracle Mojarra JSF / Eclipse Mojarra JSF 2.2 / 2.3 Cross Site Scripting | 19.09.2019 | Jean-Benjamin Rousseau |
| Low | InJob \| Multi-purpose for recruitment WordPress Theme v3.3.6 Reflected & Persistent XSS | 16.09.2019 | SubversA |
| Med. | Zoner \| Real Estate Joomla Theme Persistent XSS | 16.09.2019 | SubversA |
| Low | LimeSurvey 3.17.13 Cross Site Scripting | 15.09.2019 | Andreas Kolbeck |
| Low | Dolibarr ERP-CRM 10.0.1 Cross Site Scripting | 15.09.2019 | Metin Yunus Kandemir |
| Low | Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting | 15.09.2019 | Rodolfo Tavares |
| Low | OpenEdx Ironwood.1 Cross Site Scripting | 11.09.2019 | Daniel Bishtawi |
| Low | WordPress Checklist 1.1.5 Cross Site Scripting | 11.09.2019 | Ricardo Sanchez |
| Med. | WordPress Qwiz Online Quizzes And Flashcards 3.36 Cross Site Scripting | 10.09.2019 | Ricardo Sanchez |
| Low | WordPress Sell Downloads 1.0.86 Cross Site Scripting | 10.09.2019 | Mr Winst0n |
| Med. | WordPress Ellipsis Human Presence Technology 2.0.8 Cross Site Scripting | 10.09.2019 | Ricardo Sanchez |
| Low | Reality \| Estate Multipurpose WordPress Theme Persistent XSS | 09.09.2019 | SubversA |
| Med. | Selio - Real Estate Directory SQL Injection & Persistent XSS | 09.09.2019 | SubversA |
| Med. | Nexos - Real Estate WordPress Theme SQL Injection & Persistent XSS | 08.09.2019 | SubversA |
| Low | WordPress API Bearer Auth 20181229 Cross Site Scripting | 06.09.2019 | Ricardo Sanchez |
| Low | WordPress Ecpay Logistics For WooCommerce 1.2.181030 Cross Site Scripting | 06.09.2019 | Ricardo Sanchez |
| Med. | WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting | 05.09.2019 | Ricardo Sanchez |
| Low | WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting | 05.09.2019 | Ricardo Sanchez |
| Low | Opencart 3.x Cross Site Scripting | 03.09.2019 | Nipun Somani |
| Low | Sentrifugo 3.2 Cross Site Scripting | 02.09.2019 | creosote |
| Low | WebKitGTK+ / WPE WebKit Code Execution / XSS | 02.09.2019 | WebKitGTK |
| Low | Ping Identity Agentless Integration Kit Cross Site Scripting | 01.09.2019 | Thomas Konrad |
| Low | LSoft ListServ Cross Site Scripting | 27.08.2019 | MTK |
| Low | Snapforce CRM 8.3.0 Cross Site Scripting | 23.08.2019 | Prasad Lingamaiah |
| Low | Endian Firewall 3.3.0 Cross Site Scripting | 23.08.2019 | G0dfather |
| Low | Neo Billing 3.5 Cross Site Scripting | 20.08.2019 | n1x_ |
| Low | Kimai 2 Cross Site Scripting | 20.08.2019 | osamaalaa |
| Low | National Aeronautics and Space Administration Robotics Alliance Project Reflected XSS Cross Site Scripting | 20.08.2019 | KingSkrupellos |
| Low | Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting | 17.08.2019 | Martin Heiland |
| Low | Open-Xchange OX Guard Cross Site Scripting / Signature Validation | 17.08.2019 | Hanno Boeck |
| Low | BSI Advance Hotel Booking System 2.0 Cross Site Scripting | 13.08.2019 | Angelo Ruwantha |
| Low | WebKit Universal Cross Site Scripting | 13.08.2019 | Google Security Resear... |
| High | WebKit UXSS via XSLT and Nested Document Replacements | 13.08.2019 | Google |
| Low | UNA 10.0.0 RC1 Cross Site Scripting | 12.08.2019 | Greg Priest |
| Low | osTicket 1.12 Cross Site Scripting | 12.08.2019 | Aishwarya Iyer |
| High | osTicket 1.12 File Upload Cross Site Scripting | 12.08.2019 | Aishwarya Iyer |
| Low | Open-School 3.0 / Community Edition 2.3 Cross Site Scripting | 09.08.2019 | Greg Priest |
| Low | MapProxy 1.11.0 Cross Site Scripting | 08.08.2019 | Janek Vind aka waraxe |
| Low | Netrox SC Live Chat Software for websites Reflected XSS Injection | 05.08.2019 | m0ze |
| Low | 1CRM On-Premise Software 8.5.7 Cross Site Scripting | 03.08.2019 | Kusol Watchara-Apanuko... |
| Low | Ultimate Loan Manager 2.0 Cross Site Scripting | 02.08.2019 | Metin Yunus Kandemir |
| Med. | D-Link 6600-AP XSS / DoS / Information Disclosure | 01.08.2019 | Sandstorm Security |
| Low | GigToDo - Freelance Marketplace Script v1.3 Reflected & Persistent XSS Injections | 29.07.2019 | m0ze |
| Low | Zurmo 3.2.6 Persistent Cross Site Scripting | 28.07.2019 | Daniel Bishtawi |
| Low | Zurmo 3.2.6 Reflected Cross Site Scripting | 27.07.2019 | Daniel Bishtawi |
| Low | Wind Tre S.P.A mobile operator is Vulnerable to Cross Site Scripting Attack | 24.07.2019 | wind.it |
| Low | Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection | 24.07.2019 | m0ze |
| Low | MyT Project Management 1.5.1 User[username] Persistent Cross-Site Scripting | 24.07.2019 | Metin Yunus Kandemir (... |
| Low | Coming Soon Page & Maintenance Mode v1.8.0 Unauthenticated Persistent XSS Injection | 23.07.2019 | m0ze |
| Low | REDCap Cross Site Scripting | 20.07.2019 | Dylan Garnaud |
| Low | WordPress OneSignal 1.17.5 Cross Site Scripting | 19.07.2019 | LiquidWorm |
| Low | Oracle Siebel CRM 19.0 Cross Site Scripting | 18.07.2019 | Sarath Nair |
| Low | Sitecore 9.0 Rev 171002 Cross Site Scripting | 13.07.2019 | Owais Mehtab |
| Med. | Jenkins Dependency Graph View 0.13 Cross Site Scripting | 12.07.2019 | Ishaq Mohammed |
| Low | phpFK lite-version Cross Site Scripting | 11.07.2019 | Daniel Bishtawi |
| Low | Karenderia CMS 5.3 Cross Site Scripting | 09.07.2019 | Sisyshell |
| Low | FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting | 02.07.2019 | LiquidWorm |
| Low | SquirrelMail 1.4.22 Cross Site Scripting | 01.07.2019 | Moritz Bechler |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2019-12-10 | Low | CVE-2014-3656 | Vendor: Redhat; Software: Jboss keycloak | JBoss KeyCloak: XSS in login-status-iframe.html |
| 2019-12-10 | Low | CVE-2019-4663 | Vendor: IBM; Software: Websphere ap... | IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245. |
| 2019-12-09 | Low | CVE-2019-19682 | Vendor: Nopcommerce; Software: Nopcommerce | nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor. |
| 2019-12-07 | Low | CVE-2019-16772 | Vendor: Serialize-to-js project; Software: Serialize-to-js | The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. Node.js environments are not affected by this vulnerability, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects is used in an environment other than Node.js, that environment is affected by this vulnerability. |
| 2019-12-06 | Low | CVE-2019-19619 | Vendor: Documize; Software: Documize | domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS. |
| 2019-12-06 | Low | CVE-2019-19552 | Vendor: Sangoma; Software: Freepbx | In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account. |
| 2019-12-05 | Low | CVE-2019-19587 | Vendor: WSO2; Software: Enterprise i... | In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console. |
| 2019-12-05 | Low | CVE-2019-19596 | Vendor: Gitbook; Software: Gitbook | GitBook through 2.6.9 allows XSS via a local .md file. |
| 2019-12-05 | Low | CVE-2013-0283 | Vendor: Theforeman; Software: Katello | Katello: Username in Notification page has cross site scripting |
| 2019-12-05 | Low | CVE-2019-19466 | Vendor: Sceditor; Software: Sceditor | SCEditor 2.1.3 allows XSS. |
 

 


Copyright 2019, cxsecurity.com