Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-1889

Summary
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At-20 Jun, 2022 | 10:26
Updated At-03 Aug, 2024 | 00:17
Rejected At-
Credits

Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WPScan
Assigner Org ID:1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At:20 Jun, 2022 | 10:26
Updated At:03 Aug, 2024 | 00:17
Rejected At:
▼CVE Numbering Authority (CNA)
Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

Affected Products
Vendor
Unknown
Product
Newsletter – Send awesome emails from WordPress
Versions
Affected
  • From 7.4.6 before 7.4.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Cross-site Scripting (XSS)
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Cross-site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
PHYO WIN SHEIN
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a
x_refsource_MISC
Hyperlink: https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a
x_refsource_MISC
x_transferred
Hyperlink: https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:contact@wpscan.com
Published At:20 Jun, 2022 | 11:15
Updated At:28 Jun, 2022 | 16:59

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
thenewsletterplugin
thenewsletterplugin
>>newsletter>>Versions before 7.4.6(exclusive)
cpe:2.3:a:thenewsletterplugin:newsletter:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarycontact@wpscan.com
CWE ID: CWE-79
Type: Primary
Source: contact@wpscan.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46acontact@wpscan.com
Exploit
Third Party Advisory
Hyperlink: https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a
Source: contact@wpscan.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

8596Records found
CVE-2019-20715
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.24% / 47.29%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 15:40
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.63, D7800 before 1.0.1.47, DM200 before 1.0.0.61, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwaredm200d6000_firmwared7800rbs50_firmwared6000dm200_firmwarerbs50r7500rbr50_firmwared3600_firmwarer7500_firmwarerbr50r7800d6100_firmwared6100d3600rbk50r7800_firmwarerbk50_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29210
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.27% / 50.06%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 14:11
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5simplivity_380_gen9proliant_dl160_gen10_serversimplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-20644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.24% / 47.56%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 17:17
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax40_firmwarerax40n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-22719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.76%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 22:20
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field.

Action-Not Available
Vendor-shimon/a
Product-documentn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20639
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.43% / 62.00%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 17:11
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbr50rbk50rbs50_firmwarerbk50_firmwarerbs50rbr50_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-8440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.24% / 46.27%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 22:00
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo.

Action-Not Available
Vendor-dilicmsn/a
Product-dilicmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-8288
Matching Score-4
Assigner-Larry Cashdollar
ShareView Details
Matching Score-4
Assigner-Larry Cashdollar
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 49.02%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 19:53
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized.

Action-Not Available
Vendor-online_store_system_projectabcprintf
Product-online_store_systemOnline Store
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23052
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 51.24%
||
7 Day CHG~0.00%
Published-22 Oct, 2021 | 19:20
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.

Action-Not Available
Vendor-catalystn/a
Product-maharan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23207
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 49.33%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 20:09
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module.

Action-Not Available
Vendor-phplistn/a
Product-phplistn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-6148
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.21% / 43.23%
||
7 Day CHG-0.01%
Published-01 Jul, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aTYPO3 Association
Product-typo3n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20660
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 18:57
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs40_firmwarerbk20rbr40_firmwarerbs20_firmwarerbs50_firmwarerbs20rbr40rbs50rbr50_firmwarerbk40rbr20rbr50rbr20_firmwarerbk50rbk40_firmwarerbk50_firmwarerbk20_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23654
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.76%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 16:42
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."

Action-Not Available
Vendor-naviwebsn/a
Product-navigatecmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23240
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.30% / 53.45%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 20:06
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 49.00%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 12:50
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter

Action-Not Available
Vendor-elkarbackupn/a
Product-elkarbackupn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-0578
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.87%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 13:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-pixelyoursiteMinimal Work SRL
Product-pixelyoursitePixelYourSite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29211
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.32% / 54.35%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 14:11
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5simplivity_380_gen9proliant_dl160_gen10_serversimplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-2289
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.60%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-active_choicesJenkins Active Choices Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20668
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.46% / 64.08%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 19:06
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs40_firmwarerbk20rbr40_firmwarerbs20_firmwarerbs50_firmwarerbs20rbr40rbs50rbr50_firmwarerbk40rbr20rbr50rbr20_firmwarerbk50rbk40_firmwarerbk50_firmwarerbk20_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 19:05
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs40_firmwarerbk20rbr40_firmwarerbs20_firmwarerbs50_firmwarerbs20rbr40rbs50rbr50_firmwarerbk40rbr20rbr50rbr20_firmwarerbk50rbk40_firmwarerbk50_firmwarerbk20_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-8450
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.24% / 46.66%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 13:56
Updated-16 Sep, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.

Action-Not Available
Vendor-Atlassian
Product-jira_serverJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28001
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.34% / 56.64%
||
7 Day CHG~0.00%
Published-19 Aug, 2021 | 13:50
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.

Action-Not Available
Vendor-textpatternn/a
Product-textpatternn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24963
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.84% / 74.53%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 15:47
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4.

Action-Not Available
Vendor-appsbdn/a
Product-best_support_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24993
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.61%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 18:44
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module.

Action-Not Available
Vendor-cmswingn/a
Product-cmswingn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.52% / 66.41%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 23:37
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher.

Action-Not Available
Vendor-n/aWSO2 LLC
Product-api_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20903
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.41% / 61.05%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 01:30
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.

Action-Not Available
Vendor-Atlassian
Product-editor-core@atlaskit/editor-core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20665
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.19% / 40.97%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 19:03
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs40_firmwarerbk20rbr40_firmwarerbs20_firmwarerbs50_firmwarerbs20rbr40rbs50rbr50_firmwarerbk40rbr20rbr50rbr20_firmwarerbk50rbk40_firmwarerbk50_firmwarerbk20_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-0483
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.18% / 39.46%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 17:00
Updated-21 Nov, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-jabberCisco Jabber IM for Android
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-22732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.32% / 54.82%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 16:24
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23208
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 51.79%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 20:10
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.

Action-Not Available
Vendor-phplistn/a
Product-phplistn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20483
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.79%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:02
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application.

Action-Not Available
Vendor-vikisolutionsn/a
Product-veran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24723
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.39% / 59.68%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 12:25
Updated-27 Dec, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-user_registration_\&_login_and_user_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20900
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.28% / 50.88%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 01:05
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerJira Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23185
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.48% / 64.83%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 17:51
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.

Action-Not Available
Vendor-php-fusionn/a
Product-php-fusionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20678
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.23% / 45.77%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 19:51
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs40_firmwarerbk20rbr40_firmwarerbs20_firmwarerbs50_firmwarerbs20rbr40rbs50rbr50_firmwarerbk40rbr20rbr50rbr20_firmwarerbk50rbk40_firmwarerbk50_firmwarerbk20_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28977
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.24% / 46.24%
||
7 Day CHG~0.00%
Published-23 Jun, 2021 | 12:44
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,

Action-Not Available
Vendor-get-simplen/a
Product-getsimplecmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.36% / 58.11%
||
7 Day CHG-0.05%
Published-16 Apr, 2020 | 21:04
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn3000rprbk20d6000_firmwarer8900_firmwarerbs20_firmwared7800dm200_firmwarewn3100rp_firmwarewndr4300_firmwarerbk40d3600_firmwarerbr20wn3100rpwndr4500d3600rbk40_firmwarerbs40wn3000rp_firmwared7800_firmwaredm200r8900r9000_firmwarerbs40_firmwarewndr4500_firmwarewnr2000_firmwarerbs20d6000rbs50_firmwarerbs50r9000rbr50_firmwarerbr50r7800rbr20_firmwarerbk50wndr4300r7800_firmwarerbk50_firmwarerbk20_firmwarewnr2000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23044
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 47.22%
||
7 Day CHG~0.00%
Published-22 Oct, 2021 | 19:20
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 58.11%
||
7 Day CHG-0.05%
Published-16 Apr, 2020 | 20:57
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn3000rprbk20d6000_firmwarer8900_firmwarerbs20_firmwared7800dm200_firmwarewn3100rp_firmwarewndr4300_firmwarerbk40d3600_firmwarerbr20wn3100rpwndr4500d3600rbk40_firmwarerbs40wn3000rp_firmwared7800_firmwaredm200r8900r9000_firmwarerbs40_firmwarewndr4500_firmwarewnr2000_firmwarerbs20d6000rbs50_firmwarerbs50r9000rbr50_firmwarerbr50r7800rbr20_firmwarerbk50wndr4300r7800_firmwarerbk50_firmwarerbk20_firmwarewnr2000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-2270
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.94%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-clearcase_releaseJenkins ClearCase Release Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23868
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.76%
||
7 Day CHG~0.00%
Published-02 Nov, 2020 | 21:57
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NeDi 1.9C allows inc/rt-popup.php d XSS.

Action-Not Available
Vendor-nedin/a
Product-nedin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28461
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-3.25% / 86.96%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dynamics Finance and Operations Cross-site Scripting Vulnerability

Dynamics Finance and Operations Cross-site Scripting Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Dynamics 365 for Finance and Operations
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-19.52% / 95.31%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 09:45
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_key_manager_plusn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.37%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 15:10
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.

Action-Not Available
Vendor-n/aGNU
Product-punbbn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23576
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.76%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 15:25
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab.

Action-Not Available
Vendor-laboratorn/a
Product-neonn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20438
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.52% / 66.41%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 23:37
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher.

Action-Not Available
Vendor-n/aWSO2 LLC
Product-api_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23205
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.31%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 20:09
Updated-04 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via crafted a payload entered into the "Site Name" field under the "Site Settings" module.

Action-Not Available
Vendor-monstran/a
Product-monstra_cmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.43% / 62.12%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 23:38
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console.

Action-Not Available
Vendor-n/aWSO2 LLC
Product-api_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23014
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.57% / 68.42%
||
7 Day CHG~0.00%
Published-22 Jan, 2021 | 20:44
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.

Action-Not Available
Vendor-apfell_projectn/a
Product-apfelln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28378
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-12.92% / 93.95%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 05:20
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.

Action-Not Available
Vendor-gitean/a
Product-gitean/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-6149
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.25% / 48.32%
||
7 Day CHG~0.00%
Published-14 Feb, 2014 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-satellitesatellite_5_managed_dbspacewalk-javan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 16
  • 17
  • 18
  • ...
  • 171
  • 172
  • Next
Details not found