1206711 matches found
Jorani Leave Management System 0.6.5 - Cross-Site Scripting
Persistent cross-site scripting XSS issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. id: CVE-2018-15917 info: name: Jorani Leave Management System 0.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php. id: CVE-2018-19136 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting v...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php. id: CVE-2018-19137 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via...
KindEditor 4.1.11 - Cross-Site Scripting
KindEditor 4.1.11 contains a cross-site scripting vulnerability via the php/demo.php content1 parameter. id: CVE-2019-7543 info: name: KindEditor 4.1.11 - Cross-Site Scripting author: pikpikcu severity: medium description: KindEditor 4.1.11 contains a cross-site scripting vulnerability via the...
WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution
WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution. id:...
Linear eMerge E3 - Cross-Site Scripting
Linear eMerge E3-Series devices are vulnerable to cross-site scripting via the 'layout' parameter. id: CVE-2019-7255 info: name: Linear eMerge E3 - Cross-Site Scripting author: arafatansari severity: medium description: | Linear eMerge E3-Series devices are vulnerable to cross-site scripting via...
WordPress Sell Media 2.4.1 - Cross-Site Scripting
WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. id: CVE-2019-6112 info: name: WordPress Sell Media 2.4.1 -...
Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...
Fortinet FortiOS - Cross-Site Scripting
Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters. id: CVE-2018-13380 info: name:...
BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters. id: CVE-2018-19892 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripti...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. id: CVE-2018-20011 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version...
Planon <Live Build 41 - Cross-Site Scripting
Planon before Live Build 41 is vulnerable to cross-site scripting. id: CVE-2018-18570 info: name: Planon Live Build 41 - Cross-Site Scripting author: emadshanab severity: medium description: Planon before Live Build 41 is vulnerable to cross-site scripting. impact: | Successful exploitation of th...
DedeCMS 5.7 SP2 - Cross-Site Scripting
DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATHINFO to /member/index.php, /member/pm.php,...
WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting
WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter. id: CVE-2018-5316 info: name: WordPress SagePay Server Gateway for WooCommerce 1.0.9 - Cross-Site Scripting author: daffainfo severity: medium...
Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting
The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. id: CVE-2018-3238 info: name: Oracle Fusion...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field. id: CVE-2018-20010 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version 4.11.01 is...
DomainMOD <=4.11.01 - Cross-Site Scripting
DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the assets/edit/host.php Web Host Name or Web Host URL field. id: CVE-2018-19915 info: name: DomainMOD =4.11.02 to mitigate this vulnerability. reference: - https://github.com/domainmod/domainmod/issues/87 -...
Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file. id: CVE-2018-19877 info: name: Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting author: arafatansari severity: medium description: | Adiscon LogAnalyzer before 4.1.7...
WordPress JSmol2WP <=1.07 - Cross-Site Scripting
WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. id: CVE-2018-20462 info: name: WordPress JSmol2WP =1.07 - Cross-Site Scripting author: daffainfo severity: medium...