| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. |
| Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. |
| TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. |
| Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer. |
| Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. |
| Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. |
| A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system. |
| XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. |
| In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. |
| An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI. |
| An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI. |
| An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI. |
| Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. |
| In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. |
| LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. |
| jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry |
| Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. |
| The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS. |
| XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. |
| In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action. |
