CVE-2019-8148

A stored cross-site scripting XSS vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder...

CVE-2019-8145

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products...

CVE-2019-8146

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores...

CVE-2019-8128

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website...

CVE-2019-8117

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification...

CVE-2019-8120

A stored cross-site scripting XSS vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address...

CVE-2019-7921

A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript...

CVE-2019-6514

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS...

CVE-2019-4301

BigFix Self-Service Application SSA is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML...

CVE-2019-19222

A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...

CVE-2019-11818

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...

CVE-2019-16332

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS...

CVE-2019-16525

An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code...

CVE-2019-14756

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. A...

CVE-2019-14548

An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside...

CVE-2019-14549

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible...

CVE-2019-7944

A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Retur...

CVE-2019-10756

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

CVE-2019-12844

A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3...

CVE-2018-16625

index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element...