invenio-previewer before 1.0.0a12 allows XSS.
Max CVSS
6.1
EPSS Score
0.09%
Published
2019-07-29
Updated
2019-07-31
Misskey before 10.102.4 allows hijacking a user's token.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-07-29
Updated
2019-09-05
stacktable.js before 1.0.4 allows XSS.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-07-29
Updated
2019-07-31
Dependency-Track before 3.5.1 allows XSS.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-07-29
Updated
2020-02-13
invenio-communities before 1.0.0a20 allows XSS.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-07-29
Updated
2019-08-01
invenio-records before 1.2.2 allows XSS.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-07-29
Updated
2019-08-01
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-07-11
Updated
2019-07-12
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing JS on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User creates a ticket, 2- Admin opens another ticket and clicks on the "Link Tickets" feature, 3- a request to the endpoint fetches JS and executes it.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-07-15
Updated
2019-07-18
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious URL.
Max CVSS
6.1
EPSS Score
0.13%
Published
2019-07-17
Updated
2019-07-22
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-07-18
Updated
2019-07-19
ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2.
Max CVSS
6.1
EPSS Score
0.14%
Published
2019-07-19
Updated
2023-05-25
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.
Max CVSS
6.1
EPSS Score
0.19%
Published
2019-07-22
Updated
2019-10-09
Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-07-22
Updated
2019-07-23
Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16.
Max CVSS
6.1
EPSS Score
0.16%
Published
2019-07-23
Updated
2019-07-29
ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScript is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation, if browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0.
Max CVSS
6.1
EPSS Score
0.07%
Published
2019-07-23
Updated
2019-07-25
hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS).
Max CVSS
6.1
EPSS Score
0.09%
Published
2019-07-24
Updated
2019-07-26
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-07-26
Updated
2019-08-05
WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.
Max CVSS
5.4
EPSS Score
0.23%
Published
2019-07-23
Updated
2023-02-28
Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary HTML and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element.
Max CVSS
6.1
EPSS Score
0.09%
Published
2019-07-19
Updated
2019-07-25
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-07-17
Updated
2020-08-11
phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is: <img src=x onerror=alert(document.domain) />.
Max CVSS
6.1
EPSS Score
0.09%
Published
2019-07-15
Updated
2019-07-15
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute JavaScript code in the user's browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-07-16
Updated
2019-10-09
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.
Max CVSS
6.1
EPSS Score
0.09%
Published
2019-07-15
Updated
2022-11-17
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed malicious code). The component is: JavaScript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible.
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-07-15
Updated
2019-07-18
HexoEditor v1.1.8-beta is affected by: XSS to code execution.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-07-15
Updated
2019-07-16
2389 vulnerabilities found