| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. |
| WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. |
| In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. |
| PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. |
| Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CloudView NMS before 2.10a has XSS via SNMP. |
| In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter. |
| The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. |
| Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. |
| A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username. |
| Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. |
| Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. |
| Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. |
| REDCap before 7.5.1 has XSS via the query string. |
| An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted. |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. |
