CWE:
 

Title
Date
Author
Low
SOCA Access Control System 180612 Cross Site Scripting
14.05.2019
LiquidWorm
Med.
Prinect Archive System 2015 Release 2.6 Cross Site Scripting
07.05.2019
Alt3kx
Low
Dragon 5.0 / 5.1 Cross Site Scripting
06.05.2019
Josh Sheppard
Low
Zotonic 0.46 mod_admin Cross Site Scripting
04.05.2019
Ramon Janssen
Low
HumHub 1.3.12 Cross Site Scripting
01.05.2019
Kagan Eglence
Low
Apache Archiva 2.2.3 Cross Site Scripting
01.05.2019
Martin S
Low
Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting
28.04.2019
Mishra Dhiraj
Low
Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting
28.04.2019
Cisco Talos
Low
JioFi 4G M2S 1.0.2 Cross Site Scripting
26.04.2019
Vikas Chaudhary
Med.
osTicket 1.11 Cross Site Scripting / Local File Inclusion
26.04.2019
Ozkan Mustafa Akkus
Low
WordPress Download Manager 2.9.93 Cross Site Scripting
18.04.2019
ThuraMoeMyint
Low
Zyxel ZyWall Cross Site Scripting
17.04.2019
Aaron Bishop
Low
Seo Panel Newsletter 1.2.0 Cross Site Scripting
17.04.2019
Deyaa Muhammad
Med.
Nagios XI 5.5.10 XSS / Remote Code Execution
15.04.2019
Abdel Adim Oisfi
Med.
DirectAdmin 1.561 Cross Site Scripting
14.04.2019
Numan OZDEMIR
Low
D-Link DI-524 2.06RU Cross Site Scripting
11.04.2019
Semen Alexandrovich Ly...
Med.
ShoreTel Connect ONSITE Cross Site Scripting / Session Fixation
09.04.2019
Ramikan
Low
CentOS Web Panel 0.9.8.789 Cross Site Scripting
31.03.2019
DKM
Low
Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting
25.03.2019
Ozer Goker
Low
MyBB Upcoming Events 1.32 Cross Site Scripting
20.03.2019
0xB9
Low
Gila CMS 1.9.1 Cross Site Scripting
20.03.2019
Ahmet Umit Bayram
Low
Vembu Storegrid Web Interface 4.4.0 Cross Site Scripting / Information Disclosure
16.03.2019
Gionathan Reale
Low
ntopng 3.8.190307 Community Edition Cross Site Scripting
14.03.2019
Ozer Goker
Low
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) Cross Site Scripting
14.03.2019
Gionathan Reale
Low
OrientDB 3.0.17 GA Community Edition XSS / CSRF
08.03.2019
Ozer Goker
Low
ClearOS 7 Community Edition Cross Site Scripting
07.03.2019
Ozer Goker
Med.
Bold CMS 3.6.4 Cross Site Scripting
05.03.2019
Ismail Tasdelen
Low
SAP J2EE Engine/7.01/Fiori test2 Cross Site Scripting
05.03.2019
Ece Orsel
Low
SAP J2EE Engine/7.01/Portal/EPP Protocol Cross Site Scripting
05.03.2019
Ece Orsel
Low
Ability Mail Server 4.2.6 Cross Site Scripting
05.03.2019
Aloyce J. Makalanga
Low
Fiberhome AN5506-04-F RP2669 Cross Site Scripting
05.03.2019
Tauco
Low
Craft CMS 3.1.12 Pro Cross Site Scripting
05.03.2019
Ismail Tasdelen
Low
Mailtraq WebMail 2.17.7.3550 Cross Site Scripting
05.03.2019
Aloyce J. Makalanga
Med.
DomainMOD 4.11.01 Custom SSL Fields Cross Site Scripting
03.03.2019
Mohammed Abdul Raheem
Low
PRTG Network Monitor 7.1.3.3378 Cross Site Scripting
03.03.2019
Rafael Pedrero
Low
Zentyal Server Development Edition 6.0 Cross Site Scripting
28.02.2019
Ozer Goker
Low
DomainMOD 4.11.01 Owner Name Cross Site Scripting
28.02.2019
Mohammed Abdul Raheem
Low
vBulletin 4.2.0 ChangUonDyU Chatbox Plugins 3.6.0 Cross Site Scripting
26.02.2019
KingSkrupellos
Low
MyBB 1.6.x ChangUonDyU Chatbox Plugins 3.6.0 Cross Site Scripting
26.02.2019
KingSkrupellos
Low
Tautulli 2.1.26 Cross Site Scripting
23.02.2019
Geeknik Labs
Low
Medical Store Script 3.0.3 Cross Site Scripting
22.02.2019
Mr Winst0n
Low
VertrigoServ 2.17 Cross Site Scripting
22.02.2019
Rafael Pedrero
Low
HotelDruid 2.3 Cross Site Scripting
21.02.2019
Mehmet Emiroglu
Low
Tech News 4.3.4 Cross Site Scripting
21.02.2019
Mr Winst0n
Med.
XAMPP 5.6.8 Cross Site Scripting / SQL Injection
20.02.2019
Rafael Pedrero
Low
ArangoDB Community Edition 3.4.2-1 Cross Site Scripting
19.02.2019
Ozer Goker
Low
Apache CouchDB 2.3.0 Cross Site Scripting
19.02.2019
Ozer Goker
Low
qdPM 9.1 Cross Site Scripting
19.02.2019
Mehmet Emiroglu
Low
Comodo Dome Firewall 2.7.0 Cross Site Scripting
19.02.2019
Ozer Goker
Low
X-Cart shopping cart software V5 (Cross site scripting)
18.02.2019
Ramkumar Ganesan
Low
MyBB Trash Bin 1.1.3 Cross Site Request Forgery / Cross Site Scripting
18.02.2019
0xB9
Low
JobFinder Cross Site Scripting
17.02.2019
Deyaa Muhammad
Low
WeHelp 1.6 Cross Site Scripting
17.02.2019
Deyaa Muhammad
Low
ZuzMusic 2.1 Cross Site Scripting
17.02.2019
Deyaa Muhammad
Low
Jiofi 4 (JMR 1140) Cross Site Scripting
14.02.2019
Ronnie T Baby
Low
Rukovoditel Project Management CRM 2.4.1 Cross Site Scripting
14.02.2019
Mehmet Emiroglu
Low
MyBB Bans List 1.0 Cross Site Scripting
13.02.2019
0xB9
Low
Webiness Inventory 2.3 - 'request' XSS Vulnerability
11.02.2019
Mehmet EMIROGLU
Low
SAMSUNG X7400GX Sync Thru Web Cross Site Scripting
11.02.2019
Rafael Pedrero
Low
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
11.02.2019
Rafael Pedrero
Low
Ericsson Active Library Explorer (ALEX) 14.3 Cross Site Scripting
11.02.2019
Rafael Pedrero
Med.
Smoothwall Express 3.1-SP4-polar-x86_64-update9 Cross Site Scripting
07.02.2019
Ozer Goker
Low
WordPress KingComposer 2.7.6 Cross Site Scripting
06.02.2019
Tim Coen
Med.
WordPress Contact Form Email 1.2.65 CSRF / Cross Site Scripting
06.02.2019
Tim Coen
Low
WordPress YOP Poll 6.0.2 Cross Site Scripting
05.02.2019
Tim Coen
Low
WordPress Font Organizer 2.1.1 Cross Site Scripting
05.02.2019
Tim Coen
Low
WordPress Blog2Social 5.0.2 Cross Site Scripting
05.02.2019
Tim Coen
Low
WordPress Quiz And Survey Master 6.0.4 Cross Site Scripting
05.02.2019
Tim Coen
Med.
WordPress Forminator 1.5.4 Cross Site Scripting / SQL Injection
05.02.2019
Tim Coen
Low
Megaxus Reflectied XSS
03.02.2019
abay
Low
Zimbra Collaboration Cross Site Scripting
02.02.2019
Issam Rabhi
Low
SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting
02.02.2019
Chris Moberly
Low
MyBB IP History Logs 1.0.2 Cross Site Scripting
30.01.2019
0xB9
Low
Collabtive 3.1 Cross Site Scripting
30.01.2019
Zekvan Arslan
Med.
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 XSS
30.01.2019
Bhushan B. Patil
Low
Nessus 8.2.1 Cross Site Scripting
29.01.2019
Ozer Goker
Low
Rundeck Community Edition Cross Site Scripting
29.01.2019
Ishaq Mohammed
Low
OPNsense 18.7 Cross Site Scripting
29.01.2019
Ozer Goker
Low
pfSense 2.4.4-p1 Cross Site Scripting
29.01.2019
Ozer Goker
Low
Abantecart 1.2.12 Cross Site Scripting
25.01.2019
Omer Citak
Low
Podcast Generator 2.7 Cross Site Scripting
25.01.2019
Zekvan Arslan
Low
Endian Firewall Community release 3.3.0 Cross Site Scripting
25.01.2019
Ozer Goker
Low
SirsiDynix e-Library 3.5.x Cross Site Scripting
25.01.2019
Ozkan Mustafa Akkus
Low
DNN 9.1 XML Related Cross Site Scripting
24.01.2019
Mustafa Yalcin
Low
Comodo KORUGAN VM 1.9.3.1100 Cross Site Scripting
22.01.2019
Ozer Goker
Low
SIDU 6.0 Cross Site Scripting
22.01.2019
Ozer Goker
Low
Oracle Reports Developer 12.2.1.3 Cross Site Scripting
18.01.2019
Mohamed M.Fouad
Low
Webmin 1.890 Cross Site Scripting
15.01.2019
Foo Jong Meng
Low
HMS Netbiter WS100 3.30.5 Cross Site Scripting
14.01.2019
Micha Borrmann
Low
PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 Reflected XSS
13.01.2019
Sukanta Beniya
Low
Ampache 3.8.6 Cross Site Scripting
10.01.2019
Zekvan Arslan
Low
ZTE MF65 BD_HDV6MF65V1.0.0B05 Cross Site Scripting
10.01.2019
Nathu Nandwani
Low
MDwiki Cross Site Scripting
10.01.2019
Evi1m0
Low
ZenPhoto 1.4.14 Cross Site Scripting
09.01.2019
Zekvan Arslan
Low
Mantis 2.11.1 Cross Site Scripting
09.01.2019
Omer Citak
Low
Educational Websites Developper - Chris Deotte - Cross Site Scripting (XSS)
09.01.2019
Salvatrucha
Low
TWiki 6.0.2 Cross Site Scripting
08.01.2019
Jiawang Zhang
Low
phpMoAdmin 1.1.5 Cross Site Request Forgery / Cross Site Scripting
08.01.2019
Ozer Goker
Low
Base Soundtouch 18.1.4 Cross Site Scripting
08.01.2019
Tim Schughart
Low
MyBB OUGC Awards 1.8.3 Cross Site Scripting
08.01.2019
0xB9


Common Weakness Enumeration (CWE)

CVE
Details
Description
2019-05-21
Low
CVE-2019-12250

Vendor: Identityserver
Software: Identityserver4

IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log.

 
Low
CVE-2019-12189

Vendor: Zohocorp
Software: Manageengine...

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.

 
Low
CVE-2019-12190

Vendor: Centos-webpanel
Software: Centos web panel

XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.

 
2019-05-20
Low
CVE-2019-11809

Vendor: Joomla
Software: Joomla!

An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.

 
Low
CVE-2019-4011

Vendor: IBM
Software: Bigfix platform

IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885.

 
Low
CVE-2019-10076

Vendor: Apache
Software: Jspwiki

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

 
Low
CVE-2019-10077

Vendor: Apache
Software: Jspwiki

A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

 
Low
CVE-2019-10078

Vendor: Apache
Software: Jspwiki

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.

 
2019-05-19
Low
CVE-2019-12184

Vendor: Boostio
Software: Boostnote

There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.

 
2019-05-17
Low
CVE-2019-8926

Vendor: Zohocorp
Software: Manageengine...

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.

 

 


Copyright 2019, cxsecurity.com

 
