Security Vulnerabilities, CVEs, Published In 2019 (XSS)
invenio-previewer before 1.0.0a12 allows XSS.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2019-07-29 | Updated: 2019-07-31
Misskey before 10.102.4 allows hijacking a user's token.
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2019-07-29 | Updated: 2019-09-05
stacktable.js before 1.0.4 allows XSS.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-07-29 | Updated: 2019-07-31
Dependency-Track before 3.5.1 allows XSS.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2019-07-29 | Updated: 2020-02-13
invenio-communities before 1.0.0a20 allows XSS.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2019-07-29 | Updated: 2019-08-01
invenio-records before 1.2.2 allows XSS.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2019-07-29 | Updated: 2019-08-01
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-07-11 | Updated: 2019-07-12
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing JS on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User creates a ticket, 2- Admin opens another ticket and clicks on the "Link Tickets" feature, 3- a request to the endpoint fetches JS and executes it.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2019-07-15 | Updated: 2019-07-18
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.
Max CVSS: 6.1 | EPSS Score: 0.13% | Published: 2019-07-17 | Updated: 2019-07-22
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-07-18 | Updated: 2019-07-19
ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2.
Max CVSS: 6.1 | EPSS Score: 0.14% | Published: 2019-07-19 | Updated: 2023-05-25
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.
Max CVSS: 6.1 | EPSS Score: 0.19% | Published: 2019-07-22 | Updated: 2019-10-09
Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2019-07-22 | Updated: 2019-07-23
Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16.
Max CVSS: 6.1 | EPSS Score: 0.16% | Published: 2019-07-23 | Updated: 2019-07-29
ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScript is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and if browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0.
Max CVSS: 6.1 | EPSS Score: 0.07% | Published: 2019-07-23 | Updated: 2019-07-25
hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS).
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2019-07-24 | Updated: 2019-07-26
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2019-07-26 | Updated: 2019-08-05
WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.
Max CVSS: 5.4 | EPSS Score: 0.23% | Published: 2019-07-23 | Updated: 2023-02-28
Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2019-07-19 | Updated: 2019-07-25
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2019-07-17 | Updated: 2020-08-11
phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is: <img src=x onerror=alert(document.domain) />.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2019-07-15 | Updated: 2019-07-15
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute JavaScript code in the user's browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2019-07-16 | Updated: 2019-10-09
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2019-07-15 | Updated: 2022-11-17
OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2019-07-15 | Updated: 2019-07-18
HexoEditor v1.1.8-beta is affected by: XSS to code execution.
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2019-07-15 | Updated: 2019-07-16
2389 vulnerabilities found