| CVE | Vendors | Products | Updated | CVSS | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-14227 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-10-16 | 4.3 | OX App Suite 7.10.1 and 7.10.2 allows XSS. |
| CVE-2019-17535 | 1 Gilacms | 1 Gila Cms | 2019-10-16 | 4.3 | Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. |
| CVE-2015-1981 | 1 Ibm | 1 Domino | 2019-10-16 | 2.1 | Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka... |
| CVE-2019-17504 | 1 Kirona | 1 Dynamic Resource Scheduling | 2019-10-16 | 4.3 | An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter. |
| CVE-2010-5339 |  |  | 2019-10-15 | 4.3 | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. |
| CVE-2010-5338 |  |  | 2019-10-15 | 4.3 | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. |
| CVE-2010-5337 |  |  | 2019-10-15 | 4.3 | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. |
| CVE-2010-5340 |  |  | 2019-10-15 | 4.3 | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. |
| CVE-2010-5336 |  |  | 2019-10-15 | 4.3 | IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. |
| CVE-2015-9472 | 1 Monitorbacklinks | 1 Incoming Links | 2019-10-15 | 4.3 | The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. |
| CVE-2019-17496 | 1 Craftcms | 1 Craft Cms | 2019-10-15 | 4.3 | Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion. |
| CVE-2019-17494 | 1 Laravel-bjyblog Project | 1 Laravel-bjyblog | 2019-10-15 | 4.3 | laravel-bjyblog 6.1.1 has XSS via a crafted URL. |
| CVE-2015-9478 |  |  | 2019-10-15 | 4.3 | prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. |
| CVE-2019-17108 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 4.3 | Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. |
| CVE-2019-17488 | 1 B3log | 1 Symphony | 2019-10-15 | 4.3 | b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. |
| CVE-2019-1375 |  |  | 2019-10-15 | 3.5 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. |
| CVE-2018-16551 | 1 Lavalite | 1 Lavalite | 2019-10-15 | 3.5 | LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. |
| CVE-2019-17092 | 1 Openproject | 1 Openproject | 2019-10-14 | 4.3 | An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled. |
| CVE-2016-10873 | 1 Wpseeds | 1 Wp Database Backup | 2019-10-12 | 4.3 | The wp-database-backup plugin before 4.3.3 for WordPress has XSS. |
| CVE-2019-1070 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2019-10-11 | 3.5 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. |