7647 matches found
CVE-2020-5749
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group...
CVE-2020-35126
Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...
CVE-2020-5191
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities...
CVE-2020-15536
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields...
CVE-2020-14294
An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board...
CVE-2020-15597
SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field...
CVE-2020-11556
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities...
CVE-2020-14223
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack...
CVE-2020-23048
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters...
CVE-2020-9019
The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description...
CVE-2020-5746
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test...
CVE-2020-15535
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields...
CVE-2020-5205
In Pow Hex package before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability...
CVE-2020-13427
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...
CVE-2018-7278
An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...
CVE-2019-5471
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6...
CVE-2019-19393
The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.002 to V3.15.704 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content such as JavaScript or other client-side scripts as the...
CVE-2019-19642
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...
CVE-2019-8702
This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier...
CVE-2019-8947
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS...