Vulnerabilities (CVE)

CWE filter: CWE-79

12018 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-14227 1 Open-xchange 1 Open-xchange Appsuite 2019-10-16 4.3
OX App Suite 7.10.1 and 7.10.2 allows XSS.
CVE-2019-17535 1 Gilacms 1 Gila Cms 2019-10-16 4.3
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVE-2015-1981 1 Ibm 1 Domino 2019-10-16 2.1
Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka...
CVE-2019-17504 1 Kirona 1 Dynamic Resource Scheduling 2019-10-16 4.3
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.
CVE-2010-5339 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5338 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5337 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5340 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
CVE-2010-5336 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
CVE-2015-9472 1 Monitorbacklinks 1 Incoming Links 2019-10-15 4.3
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.
CVE-2019-17496 1 Craftcms 1 Craft Cms 2019-10-15 4.3
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVE-2019-17494 1 Laravel-bjyblog Project 1 Laravel-bjyblog 2019-10-15 4.3
laravel-bjyblog 6.1.1 has XSS via a crafted URL.
CVE-2015-9478 2019-10-15 4.3
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.
CVE-2019-17108 1 Centreon 1 Centreon Web 2019-10-15 4.3
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
CVE-2019-17488 1 B3log 1 Symphony 2019-10-15 4.3
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
CVE-2019-1375 2019-10-15 3.5
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
CVE-2018-16551 1 Lavalite 1 Lavalite 2019-10-15 3.5
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.
CVE-2019-17092 1 Openproject 1 Openproject 2019-10-14 4.3
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.
CVE-2016-10873 1 Wpseeds 1 Wp Database Backup 2019-10-12 4.3
The wp-database-backup plugin before 4.3.3 for WordPress has XSS.
CVE-2019-1070 1 Microsoft 1 Sharepoint Enterprise Server 2019-10-11 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.