| CVE | Vendors | Products | Updated | CVSS v3.1 |
| ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter. |
| ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI. |
| ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI. |
| ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. |
| ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. |
| ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. |
| ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI. |
| ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI. |
| ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI. |
| Open edX Ironwood.1 allows support/certificates?user= reflected XSS. |
| Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS. |
| ERPNext 11.1.47 allows blog?blog_category= Frame Injection. |
| cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533). |
| cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language. |
| An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS payload, read another user's cookie, and use it to log in to the application. |
| An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470. |
| An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI. |
| An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI. |
| An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher. |