Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-23553

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-13 Feb, 2023 | 17:03
Updated At-16 Jan, 2025 | 21:57
Rejected At-
Credits

X-400 Cross-Site Scripting

Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:13 Feb, 2023 | 17:03
Updated At:16 Jan, 2025 | 21:57
Rejected At:
▼CVE Numbering Authority (CNA)
X-400 Cross-Site Scripting

Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.

Affected Products
Vendor
Control By Web
Product
X-400 devices
Default Status
unaffected
Versions
Affected
  • From 0 before 2.8 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.14.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Control By Web has provided a fix and recommends applying the updates for the following products: * X-400: Update to firmware v2.8 https://www.controlbyweb.com/firmware/X400_V2.8_firmware.zip  or later

Configurations
Workarounds
Exploits
Credits
finder
Floris Hendriks and Jeroen Wijenbergh of Radboud University reported these vulnerabilities to Control By Web.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01
N/A
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01
x_transferred
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:13 Feb, 2023 | 18:15
Updated At:07 Nov, 2023 | 04:07

Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary3.14.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
CPE Matches
controlbyweb
controlbyweb
>>x-400_firmware>>Versions before 2.8(exclusive)
cpe:2.3:o:controlbyweb:x-400_firmware:*:*:*:*:*:*:*:*
controlbyweb
controlbyweb
>>x-400>>-
cpe:2.3:h:controlbyweb:x-400:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primaryics-cert@hq.dhs.gov
CWE ID: CWE-79
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01ics-cert@hq.dhs.gov
Mitigation
Third Party Advisory
US Government Resource
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01
Source: ics-cert@hq.dhs.gov
Resource:
Mitigation
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

9005Records found
CVE-2021-24925
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.23%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 10:41
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

Action-Not Available
Vendor-webnusUnknown
Product-modern_events_calendar_liteModern Events Calendar Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13220
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.86%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 06:00
Updated-20 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Google Map Professional <= 1.0 - Reflected XSS

The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-Unknown
Product-WordPress Google Map Professional (Map In Your Language)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12980
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 18.43%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 05:00
Updated-18 Feb, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Recruitment _all_edits.php fln_update cross site scripting

A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-job_recruitmentJob Recruitment
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13221
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.04% / 8.76%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 06:00
Updated-14 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fantastic Elasticsearch <= 4.1.0 - Reflected XSS

The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-Unknown
Product-Fantastic ElasticSearch
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.11%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 16:59
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

_get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.ajax.php) in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS.

Action-Not Available
Vendor-mfscriptsn/a
Product-yetisharen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19003
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 58.10%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 19:46
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB eSOMS: HTTPOnly flag not set

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.

Action-Not Available
Vendor-Hitachi Energy Ltd.ABB
Product-esomseSOMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-16
Not Available
CVE-2019-20042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.73% / 85.38%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 07:14
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13219
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.86%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 06:00
Updated-31 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Policy Genius <= 2.0.4 - Reflected XSS

The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-Unknown
Product-Privacy Policy Genius
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35651
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 54.94%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 15:30
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.

Action-Not Available
Vendor-n/aMoodle Pty LtdRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoramoodleMoodle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13225
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.86%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 06:00
Updated-13 May, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECT Home Page Products <= 1.9 - Reflected XSS

The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-etemplatesUnknown
Product-ect_home_page_productsECT Home Page Products
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-14320
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.54% / 66.68%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 19:37
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19288
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:05
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.

Action-Not Available
Vendor-Siemens AG
Product-xhqXHQ
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12714
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 1.14%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 06:00
Updated-17 May, 2025 | 02:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Backlink Monitoring Manager <= 0.1.3 - Reflected XSS

The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-syedfakharabbasUnknown
Product-backlink_monitoring_managerBacklink Monitoring Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43975
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.68%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 23:29
Updated-25 Sep, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Super Store Finder plugin <= 6.9.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS).This issue affects Super Store Finder: from n/a through 6.9.7.

Action-Not Available
Vendor-Super Store Finder
Product-super_store_finderSuper Store Finder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13018
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-29 Dec, 2024 | 18:00
Updated-18 Feb, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Maid Hiring Management System profile.php cross site scripting

A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely.

Action-Not Available
Vendor-PHPGurukul LLP
Product-maid_hiring_management_systemMaid Hiring Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-19111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 41.04%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:10
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.

Action-Not Available
Vendor-gvectorsn/a
Product-wpforon/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-36131
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 59.85%
||
7 Day CHG~0.00%
Published-22 Jul, 2022 | 12:36
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page.

Action-Not Available
Vendor-midori-globaln/a
Product-better_pdf_exportern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12405
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.14% / 35.09%
||
7 Day CHG+0.01%
Published-24 Dec, 2024 | 05:23
Updated-24 Dec, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Export Customers Data <= 1.2.3 - Reflected Cross-Site Scripting

The Export Customers Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't' parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Action-Not Available
Vendor-fahadmahmood
Product-Export Customers Data
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 1.52%
||
7 Day CHG+0.01%
Published-15 Nov, 2019 | 04:22
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.

Action-Not Available
Vendor-n/aPimcore
Product-pimcoren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-31145
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.07%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 20:58
Updated-22 Jan, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in CollaboraOnline

Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account takeover attack. The vulnerability allows attackers to inject malicious code into web pages, which can be executed in the context of the victim's browser session. This means that an attacker can steal sensitive data, such as login credentials or personal information, or perform unauthorized actions on behalf of the victim, such as modifying or deleting data. In this specific case, the vulnerability allows for a trivial account takeover attack. An attacker can exploit the vulnerability to inject code into the victim's browser session, allowing the attacker to take over the victim's account without their knowledge or consent. This can lead to unauthorized access to sensitive information and data, as well as the ability to perform actions on behalf of the victim. Furthermore, the fact that the vulnerability bypasses the Content Security Policy (CSP) makes it more dangerous, as CSP is an important security mechanism used to prevent cross-site scripting attacks. By bypassing CSP, attackers can circumvent the security measures put in place by the web application and execute their malicious code. This issue has been patched in versions 22.05.13, 21.11.9, and 6.4.27. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-collaboraCollaboraOnline
Product-onlineonline
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20003
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.38% / 58.53%
||
7 Day CHG~0.00%
Published-17 Jan, 2020 | 15:01
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends an crafted string for FTP authentication.

Action-Not Available
Vendor-dicuben/a
Product-easescreen_crystaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-3581
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.07% / 20.37%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Cashier Queuing System Cashiers Tab cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the component Cashiers Tab. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-211188.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-cashier_queuing_systemCashier Queuing System
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19393
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.42% / 61.08%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 16:55
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session.

Action-Not Available
Vendor-rittaln/a
Product-cmc_pu_iii_7030.000_firmwarecmc_pu_iii_7030.000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.63% / 69.42%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 15:28
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-wikidata_query_guin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19293
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 61.68%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:16
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.

Action-Not Available
Vendor-Siemens AG
Product-sinvr_3_video_serversinvr_3_central_control_serverControl Center Server (CCS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-15307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.17%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 17:50
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name.

Action-Not Available
Vendor-nozominetworksn/a
Product-guardiann/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35226
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.81% / 73.23%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console.

Action-Not Available
Vendor-SAP SE
Product-data_servicesSAP Data Services Management Console
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35654
Matching Score-4
Assigner-Pegasystems Inc.
ShareView Details
Matching Score-4
Assigner-Pegasystems Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.51% / 65.44%
||
7 Day CHG+0.01%
Published-22 Aug, 2022 | 14:46
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.

Action-Not Available
Vendor-pegaPegasystems
Product-pega_platformPega Infinity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35155
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.69% / 70.82%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 18:10
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-bus_pass_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13326
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 06:00
Updated-07 May, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iBuildApp <= 0.2.0 - Reflected XSS

The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-ibuildappUnknown
Product-ibuildappiBuildApp
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 61.65%
||
7 Day CHG~0.00%
Published-28 Nov, 2019 | 23:56
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.

Action-Not Available
Vendor-fusionpbxn/a
Product-fusionpbxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12403
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 38.69%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 09:25
Updated-15 Jan, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Image Gallery – Responsive Photo Gallery <= 1.0.5 - Reflected Cross-Site Scripting

The Image Gallery – Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'awsmgallery' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Action-Not Available
Vendor-realwebcare
Product-Awesome Responsive Photo Gallery – Image & Video Lightbox Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-36080
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.71%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 21:00
Updated-23 Apr, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wikmd Cross-site Scripting vulnerability

Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture user's session cookies or execute malicious Javascript when a victim edits a markdown file. Version 1.7.1 fixes this issue.

Action-Not Available
Vendor-wikmd_projectLinbreux
Product-wikmdwikmd
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 61.65%
||
7 Day CHG~0.00%
Published-28 Nov, 2019 | 23:56
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.

Action-Not Available
Vendor-fusionpbxn/a
Product-fusionpbxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19329
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.41% / 60.25%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 15:28
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-wikidata_query_guin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-0767
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-16.38% / 94.61%
||
7 Day CHG~0.00%
Published-16 Feb, 2012 | 19:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||The impacted product is end-of-life and should be disconnected if still in use.

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncMicrosoft CorporationGoogle LLCAdobe Inc.Apple Inc.Oracle Corporation
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/aFlash Player
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18957
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-7.12% / 91.17%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 13:57
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.

Action-Not Available
Vendor-microstrategyn/a
Product-microstrategy_libraryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-3580
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.07% / 20.37%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Cashier Queuing System User Creation cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester Cashier Queuing System 1.0.1. This issue affects some unknown processing of the component User Creation Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-211187.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-cashier_queuing_systemCashier Queuing System
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19211
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.09% / 83.32%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 14:57
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.

Action-Not Available
Vendor-n/aDolibarr ERP & CRM
Product-dolibarrn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13218
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.86%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 06:00
Updated-14 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fast Tube <= 2.3.1 - Reflected XSS

The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-Unknown
Product-Fast Tube
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19381
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.11%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 13:02
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 before prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message.

Action-Not Available
Vendor-abacusn/a
Product-abacusn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35298
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.54% / 66.48%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 15:43
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session.

Action-Not Available
Vendor-SAP SE
Product-netweaver_enterprise_portalSAP NetWeaver Enterprise Portal (KMC)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34879
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.24%
||
7 Day CHG~0.00%
Published-05 Jul, 2022 | 15:40
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple Cross Site Scripting (XSS) vulnerabilities at /vicidial/admin.php.

Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.

Action-Not Available
Vendor-vicidialVICIdial
Product-vicidialVICIdial
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-3561
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.04%
||
7 Day CHG~0.00%
Published-20 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Generic in librenms/librenms

Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.

Action-Not Available
Vendor-LibreNMS
Product-librenmslibrenms/librenms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13331
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 06:00
Updated-13 May, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Dream Carousel <= 1.0.1b - Reflected XSS

The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-neolokiUnknown
Product-wp_dream_carouselWP Dream Carousel
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19865
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.37% / 57.87%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 15:23
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.

Action-Not Available
Vendor-atosn/a
Product-unify_openscape_uc_web_clientn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-1442
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.61% / 68.69%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serveroffice_web_appsMicrosoft Office Web AppsMicrosoft Office Online Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18914
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.50% / 64.87%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:10
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.

Action-Not Available
Vendor-n/aHP Inc.
Product-laserjet_enterprise_m605_l3u54alaserjet_managed_flow_mfp_e82540_x3a82alaserjet_enterprise_flow_mfp_m680_cz248alaserjet_managed_mfp_e52645_1pv64alaserjet_enterprise_mfp_m776_t3u55alaserjet_managed_mfp_m630_b3g85apagewide_managed_flow_mfp_e77660z_j7z07alaserjet_managed_flow_mfp_e77825_z8z0alaserjet_managed_mfp_e72530_z8z09alaserjet_enterprise_m552_b5l23alaserjet_managed_mfp_e87640_x3a86alaserjet_managed_mfp_e82540_z8z22alaserjet_enterprise_flow_mfp_m880z_a2w75alaserjet_managed_mfp_e62555_j8j74alaserjet_managed_mfp_e77428_5cm77alaserjet_managed_e60075_m0p33alaserjet_managed_flow_mfp_e72525_z8z08alaserjet_managed_flow_mfp_m575_l3u45alaserjet_enterprise_mfp_m577_b5l48alaserjet_managed_flow_mfp_e82560_x3a74alaserjet_managed_flow_mfp_e67560_l3u70alaserjet_managed_flow_mfp_e57540_3gy25alaserjet_enterprise_m609_k0q22alaserjet_managed_mfp_e77428_5cm79alaserjet_managed_flow_mfp_m630_p7z47alaserjet_managed_flow_mfp_e72525_x3a62alaserjet_managed_flow_mfp_m880zm_d7p71alaserjet_enterprise_700_m712_cf235alaserjet_enterprise_m506_f2a66alaserjet_managed_flow_mfp_m680_l3u47alaserjet_managed_flow_mfp_e62565_j8j79alaserjet_managed_mfp_e87650_z8z15alaserjet_managed_flow_mfp_m630_l3u62alaserjet_managed_flow_mfp_e82540_z8z23alaserjet_enterprise_m507_1pv88alaserjet_enterprise_m652_j7z99alaserjet_managed_mfp_e72525_x3a66alaserjet_enterprise_m506_f2a70apagewide_enterprise_flow_mfp_586z_g1w41alaserjet_managed_mfp_e72525_z8z08alaserjet_managed_flow_mfp_e62555_j8j74alaserjet_managed_mfp_e72530_x3a65alaserjet_managed_mfp_e62555_j8j67alaserjet_managed_flow_mfp_e62565_j8j80alaserjet_enterprise_flow_mfp_m631_j8j63alaserjet_enterprise_flow_mfp_m630_b3g86aofficejet_managed_mfp_x585_b5l04alaserjet_managed_mfp_e72530_z8z08alaserjet_enterprise_mfp_m633_j8j78apagewide_managed_flow_mfp_e77650_j7z14alaserjet_managed_mfp_e82550_az8z20apagewide_managed_mfp_p77950_2gp22alaserjet_managed_mfp_e82540_z8z19laserjet_managed_mfp_e82550_x3a68alaserjet_enterprise_flow_mfp_m681_j8a12apagewide_managed_mfp_p77950_2gp26alaserjet_managed_e60055_m0p39alaserjet_managed_mfp_e77822_x3a84alaserjet_managed_mfp_e52645_1pv67alaserjet_managed_e75245_t3u64alaserjet_managed_flow_mfp_e87650_z8z16alaserjet_enterprise_m855_a2w77alaserjet_managed_m506_f2a69alaserjet_enterprise_500_m551_cf081alaserjet_managed_flow_mfp_e72535_z8z08apagewide_managed_mfp_p77950_5zn98alaserjet_managed_flow_mfp_e67550_l3u70alaserjet_managed_mfp_e82560_z8z22apagewide_managed_mfp_p77940_y3z68alaserjet_managed_mfp_e52545_3gy19alaserjet_managed_mfp_e77428_5cm78alaserjet_enterprise_mfp_m632_j8j72alaserjet_managed_mfp_e57540_3gy26alaserjet_enterprise_mfp_m577_b5l46alaserjet_managed_flow_mfp_e72535_z8z06alaserjet_managed_flow_mfp_e82550_z8z23alaserjet_managed_mfp_e72530_x3a60alaserjet_managed_flow_mfp_e82540_x3a69alaserjet_enterprise_mfp_m631_j8j65aofficejet_enterprise_mfp_x585_l3u40alaserjet_enterprise_mfp_m725_l3u64alaserjet_managed_mfp_e72430_5rc89alaserjet_managed_flow_mfp_e82540_x3a79apagewide_managed_mfp_p77940_y3z63apagewide_enterprise_556_g1w47vlaserjet_managed_mfp_e77830_z8z02alaserjet_managed_500_mfp_m575_l3u46alaserjet_managed_flow_mfp_e82540_x3a72alaserjet_managed_mfp_e82560_x3a69alaserjet_managed_mfp_e82560_az8z20alaserjet_enterprise_700_mfp_m775_cc522alaserjet_managed_mfp_e77825_x3a84alaserjet_enterprise_700_mfp_m775_cf304apagewide_managed_mfp_p77940_y3z64alaserjet_managed_flow_mfp_e82560_x3a79alaserjet_managed_e75245_t3u43alaserjet_managed_flow_mfp_e77822_z8z0alaserjet_managed_mfp_e87660_x3a89alaserjet_enterprise_flow_mfp_m630_p7z48alaserjet_managed_flow_mfp_e87660_x3a86alaserjet_enterprise_600_m603_ce994apagewide_managed_mfp_p77940_y3z66alaserjet_enterprise_m652_j7z98alaserjet_managed_flow_mfp_e62575_j8j74alaserjet_managed_flow_mfp_e82550_z8z18alaserjet_managed_mfp_e82560_x3a74alaserjet_managed_mfp_e62565_j8j74alaserjet_managed_mfp_e87650_z8z17alaserjet_enterprise_m506_f2a71apagewide_managed_p75250_y3z49alaserjet_managed_mfp_e72535_z8z08alaserjet_managed_flow_mfp_e87650_x3a87alaserjet_managed_mfp_e82560_x3a79alaserjet_managed_flow_mfp_e62575_j8j67alaserjet_managed_mfp_e87640_z8z14apagewide_managed_flow_mfp_e77650_j7z13alaserjet_enterprise_flow_mfp_m776_t3u55alaserjet_managed_m605_e6b70alaserjet_managed_flow_mfp_m527z_f2a79alaserjet_enterprise_600_m602_ce991apagewide_managed_mfp_p77950_5zn99alaserjet_managed_flow_mfp_e77825_z8z01alaserjet_enterprise_m4555_mfp_ce502alaserjet_managed_mfp_e77428_5rc91alaserjet_managed_flow_mfp_e62575_j8j66apagewide_managed_flow_mfp_e77660z_j7z14alaserjet_managed_flow_mfp_e62555_j8j73alaserjet_managed_e60065_m0p39alaserjet_managed_e60055_m0p33apagewide_managed_mfp_e77650_j7z08alaserjet_managed_flow_mfp_e72525_x3a66alaserjet_enterprise_m553_bl27alaserjet_managed_flow_mfp_e72535_z8z09alaserjet_managed_mfp_e57540_3gy25alaserjet_enterprise_m553_b5l24apagewide_enterprise_flow_mfp_586z_g1w39alaserjet_managed_flow_mfp_m575_l3u46alaserjet_managed_flow_mfp_e87640_z8z15aofficejet_managed_flow_mfp_x585_b5l07alaserjet_managed_mfp_e77422_5cm75alaserjet_managed_flow_mfp_e72535_x3a65alaserjet_managed_flow_mfp_e82550_z8z22alaserjet_managed_flow_mfp_e82560_x3a82apagewide_managed_flow_mfp_e77660z_j7z03alaserjet_enterprise_700_mfp_m775_l3u50alaserjet_managed_flow_mfp_e82550_x3a71alaserjet_managed_flow_mfp_e72530_x3a62alaserjet_managed_mfp_e82540_x3a82apagewide_managed_mfp_p77960_y3z62alaserjet_managed_flow_mfp_e57540_3gy26alaserjet_enterprise_500_mfp_m575_cd645alaserjet_managed_flow_mfp_e87660_z8z14alaserjet_managed_mfp_e77822_z8z04apagewide_managed_mfp_p77940_2gp26alaserjet_managed_mfp_e87640_z8z16apagewide_managed_mfp_p77940_5zn98alaserjet_enterprise_flow_mfp_m633_j8j76apagewide_mfp_774_4pa44alaserjet_enterprise_m507_1pv87alaserjet_managed_mfp_e72535_x3a60alaserjet_managed_flow_mfp_e87650_z8z15alaserjet_managed_flow_mfp_e87650_x3a90alaserjet_enterprise_flow_mfp_m681_j8a11alaserjet_enterprise_mfp_m528_1pv49alaserjet_managed_mfp_e72525_z8z011alaserjet_managed_mfp_e87640_x3a89apagewide_managed_mfp_p77940_2gp25alaserjet_managed_m553_b5l26alaserjet_managed_mfp_e87660_z8z14alaserjet_managed_mfp_e67560_l3u69alaserjet_enterprise_flow_mfp_m632_j8j72alaserjet_managed_flow_mfp_e77822_x3a77alaserjet_managed_mfp_e77830_x3a84alaserjet_managed_mfp_m725_cf068alaserjet_managed_mfp_e82540_x3a72alaserjet_managed_flow_mfp_m630_b3g86alaserjet_enterprise_mfp_m681_j8a12alaserjet_enterprise_m855_d7p73alaserjet_enterprise_mfp_m680_cz248alaserjet_managed_flow_mfp_e82550_x3a69alaserjet_managed_mfp_e77422_5rc92alaserjet_enterprise_flow_mfp_m575_cd645alaserjet_managed_mfp_e82560_x3a68alaserjet_enterprise_flow_mfp_m577_b5l46alaserjet_managed_e50145_1pv89alaserjet_managed_e60075_m0p39apagewide_managed_mfp_p77960_y3z63alaserjet_managed_m553_b5l38alaserjet_enterprise_700_mfp_m775_cc524aofficejet_enterprise_x555_l1h45alaserjet_managed_flow_mfp_e72530_z8z010alaserjet_managed_flow_mfp_m525_l3u59alaserjet_enterprise_m553_b5l39alaserjet_managed_mfp_m775_cc523alaserjet_enterprise_flow_mfp_m880z_a2w76alaserjet_managed_mfp_e82550_z8z23alaserjet_managed_flow_mfp_e87640_x3a93alaserjet_enterprise_mfp_m630_b3g85alaserjet_managed_mfp_e82540_z8z18alaserjet_enterprise_600_m601_ce989alaserjet_managed_m651_cz257alaserjet_managed_flow_mfp_e77825_z8z05aofficejet_enterprise_flow_mfp_x585_l3u41alaserjet_managed_mfp_e87650_z8z16alaserjet_managed_flow_mfp_e72530_z8z07alaserjet_enterprise_mfp_m577_b5l47alaserjet_enterprise_mfp_m725_cf069alaserjet_managed_e85055_t3u52alaserjet_managed_flow_mfp_e82560_z8z19laserjet_managed_mfp_e72525_z8z07alaserjet_managed_e65050_l3u57alaserjet_managed_flow_mfp_e72530_z8z011alaserjet_managed_e60055_m0p40alaserjet_managed_e50145_1pv88alaserjet_cm4540_mfp_cc420alaserjet_enterprise_600_m602_ce993alaserjet_managed_mfp_e82560_z8z23alaserjet_managed_flow_mfp_e87660_x3a92alaserjet_managed_flow_mfp_e82560_z8z23alaserjet_managed_mfp_e87640_x3a90alaserjet_managed_flow_mfp_e87650_x3a86alaserjet_enterprise_500_mfp_m525f_cf118alaserjet_managed_flow_mfp_e72535_x3a60alaserjet_enterprise_m651_h0dc9alaserjet_managed_flow_mfp_e72525_x3a59alaserjet_managed_mfp_e72525_z8z010alaserjet_managed_flow_mfp_e82550_az8z20alaserjet_managed_mfp_m630_j7x28alaserjet_managed_mfp_e77422_5cm77alaserjet_enterprise_mfp_m725_cf067alaserjet_managed_flow_mfp_e77830_x3a77alaserjet_managed_e50145_1pu51alaserjet_managed_mfp_e82540_az8z20alaserjet_managed_mfp_m630_l3u61alaserjet_managed_mfp_e72425_5cm72alaserjet_managed_flow_mfp_e82560_x3a69aofficejet_managed_mfp_x585_b5l05alaserjet_managed_flow_mfp_e77825_x3a83alaserjet_enterprise_m553_b5l38apagewide_managed_mfp_p77950_y3z65alaserjet_enterprise_flow_mfp_m527z_f2a78alaserjet_enterprise_m751_t3u44alaserjet_managed_mfp_e77822_x3a81alaserjet_enterprise_m4555_mfp_ce504alaserjet_enterprises_cp5525_ce708alaserjet_managed_e60065_m0p35alaserjet_managed_mfp_e77830_z8z04alaserjet_managed_flow_mfp_e82540_x3a74alaserjet_managed_mfp_e62565_j8j79alaserjet_managed_e65050_l3u55alaserjet_enterprise_flow_mfp_m631_j8j64alaserjet_enterprise_m507_1pu52alaserjet_managed_flow_mfp_e72525_z8z010apagewide_managed_mfp_p77950_5zp00apagewide_managed_mfp_p77960_y3z65alaserjet_managed_flow_mfp_m880zm_a2w75alaserjet_enterprise_m653_j8a05alaserjet_managed_m605_l3u54alaserjet_managed_flow_mfp_e72525_z8z07alaserjet_managed_m651_cz255alaserjet_managed_mfp_e82540_x3a79alaserjet_enterprise_m855_a2w79alaserjet_managed_mfp_e87650_x3a86alaserjet_managed_mfp_e87650_x3a93alaserjet_managed_mfp_m775_l3u50apagewide_755_4pz47apagewide_managed_flow_mfp_e77650_j7z08apagewide_managed_mfp_p77960_5zn99alaserjet_managed_mfp_e72530_z8z06alaserjet_managed_flow_mfp_e82550_x3a72apagewide_enterprise_flow_mfp_780f_j7z09alaserjet_managed_mfp_e72525_x3a59apagewide_managed_mfp_e77650_j7z13alaserjet_managed_e60065_m0p36alaserjet_enterprise_mfp_m527_f2a76alaserjet_managed_flow_mfp_e72535_z8z011alaserjet_managed_flow_mfp_e72530_z8z06alaserjet_managed_flow_mfp_e72535_x3a63apagewide_managed_mfp_p77950_y3z62alaserjet_managed_flow_mfp_e82550_x3a82alaserjet_managed_mfp_e72530_x3a59afuturesmart_4laserjet_managed_mfp_e82560_x3a72alaserjet_managed_mfp_m527_f2a80apagewide_managed_flow_mfp_e77660z_j7z08alaserjet_managed_m605_e6b69apagewide_managed_mfp_p77950_y3z64alaserjet_managed_mfp_e72525_x3a65alaserjet_managed_flow_mfp_m830_cf367alaserjet_managed_mfp_e67550_l3u67alaserjet_managed_m553_b5l24alaserjet_managed_flow_mfp_e82560_x3a68apagewide_enterprise_mfp_586_g1w41alaserjet_managed_mfp_e77822_z8z02alaserjet_managed_mfp_m775_l3u49alaserjet_enterprise_flow_mfp_m830_l3u65alaserjet_managed_500_mfp_m525_l3u60alaserjet_enterprise_m608_k0q17alaserjet_enterprise_m4555_mfp_ce738alaserjet_enterprise_m506_f2a67alaserjet_enterprise_600_m603_ce996alaserjet_managed_mfp_m680_l3u47alaserjet_enterprise_mfp_m680_cz249alaserjet_enterprise_flow_mfp_m682_j8a17alaserjet_enterprise_flow_mfp_m527z_f2a81alaserjet_managed_mfp_m775_cc524alaserjet_enterprise_500_mfp_m525f_cf117alaserjet_enterprise_500_mfp_m575_cd646alaserjet_managed_mfp_m527_f2a79apagewide_enterprise_flow_mfp_785_j7z11alaserjet_managed_mfp_m725_cf067alaserjet_enterprise_flow_mfp_m527z_f2a77alaserjet_managed_mfp_e72535_z8z011alaserjet_managed_mfp_e77422_5rc91aofficejet_managed_flow_mfp_x585_b5l06alaserjet_enterprise_mfp_m528_1pv65alaserjet_managed_flow_mfp_e72525_x3a60alaserjet_managed_flow_mfp_m577_b5l49alaserjet_managed_mfp_e72535_z8z06alaserjet_managed_mfp_e87660_z8z12alaserjet_managed_mfp_e82560_x3a75alaserjet_managed_flow_mfp_e72525_x3a65alaserjet_managed_mfp_e87640_z8z17alaserjet_managed_mfp_e72430_5cm71alaserjet_managed_flow_mfp_e82550_x3a79alaserjet_managed_e85055_t3u66alaserjet_enterprise_m604_e6b68aofficejet_enterprise_x555_c2s11alaserjet_managed_mfp_e72430_5cm72alaserjet_managed_m651_cz256apagewide_enterprise_flow_mfp_780f_j7z10alaserjet_managed_mfp_e72535_x3a62alaserjet_managed_flow_mfp_e87640_x3a92alaserjet_managed_mfp_e82550_x3a79aofficejet_enterprise_x555_c2s12alaserjet_managed_mfp_e72535_x3a63alaserjet_managed_flow_mfp_e52545c_3gy20alaserjet_managed_mfp_e82550_x3a69alaserjet_managed_flow_mfp_e62555_j8j80alaserjet_managed_mfp_e82560_x3a71apagewide_managed_mfp_p77960_2gp23alaserjet_managed_mfp_e72425_5cm70alaserjet_managed_flow_mfp_e72530_x3a66alaserjet_enterprise_flow_mfp_m880z_l3u51alaserjet_enterprise_mfp_m631_j8j64alaserjet_managed_mfp_e82560_z8z19laserjet_managed_flow_mfp_e87640_z8z12apagewide_managed_mfp_p77960_5zn98alaserjet_managed_flow_mfp_m630_p7z48apagewide_managed_flow_mfp_e77650_z5g79alaserjet_enterprise_m4555_mfp_ce503alaserjet_managed_mfp_e77428_5rc92alaserjet_enterprise_m806_cz244alaserjet_managed_flow_mfp_e72525_x3a63apagewide_mfp_779_4pz46apagewide_managed_mfp_p77940_y3z62alaserjet_managed_mfp_e62555_j8j66apagewide_enterprise_flow_mfp_586z_g1w40alaserjet_managed_m605_l3u53alaserjet_managed_mfp_e72525_x3a63alaserjet_enterprise_m608_k0q18apagewide_managed_mfp_p77940_2gp23alaserjet_enterprise_flow_mfp_m680_ca251alaserjet_managed_mfp_e87660_x3a86alaserjet_enterprise_m651_cz256alaserjet_enterprise_flow_mfp_m575_cd644apagewide_managed_mfp_p77950_2gp23apagewide_managed_e55650_l3u44alaserjet_enterprise_m609_k0q20apagewide_enterprise_556_g1w46apagewide_managed_mfp_p77950_5zp01alaserjet_managed_mfp_e77825_z8z02alaserjet_managed_flow_mfp_e62555_j8j79alaserjet_managed_flow_mfp_e87640_x3a87aofficejet_managed_mfp_x585_l3u40alaserjet_managed_mfp_e72535_x3a59alaserjet_managed_mfp_e82550_x3a72alaserjet_enterprise_flow_mfp_m880z_d7p70alaserjet_enterprise_m651_l8z07alaserjet_managed_flow_mfp_e77830_z8z01alaserjet_managed_mfp_e72530_x3a63alaserjet_managed_flow_mfp_e82560_z8z22alaserjet_managed_flow_mfp_e77830_x3a80apagewide_managed_mfp_p77960_y3z61alaserjet_enterprise_m606_e6b72alaserjet_enterprise_m605_e6b71alaserjet_managed_mfp_e62555_j8j73apagewide_managed_flow_mfp_e77660z_j7z05alaserjet_managed_mfp_e87660_x3a90alaserjet_managed_e65050_l3u56alaserjet_managed_flow_mfp_m830_l3u65alaserjet_managed_flow_mfp_e77830_z8z05alaserjet_enterprise_m607_k0q15apagewide_managed_mfp_p77960_2gp22alaserjet_managed_flow_mfp_e82540_az8z20alaserjet_enterprise_flow_mfp_m630_l3u62alaserjet_enterprise_m750_d3l08alaserjet_enterprise_m856_t3u51alaserjet_managed_mfp_e62555_j8j79alaserjet_enterprises_cp5525_ce709aofficejet_enterprise_flow_mfp_x585_b5l06alaserjet_managed_flow_mfp_e62565_j8j66alaserjet_managed_mfp_m577_b5l49alaserjet_managed_e65060_l3u55alaserjet_managed_flow_mfp_e87640_z8z13alaserjet_enterprise_m607_k0q14alaserjet_cm4540_mfp_cc421alaserjet_managed_flow_mfp_e72525_z8z06alaserjet_managed_flow_mfp_e82540_x3a71alaserjet_enterprise_m653_j8a06apagewide_managed_e75160_j7z06apagewide_managed_mfp_p77960_5zp00alaserjet_managed_flow_mfp_e62575_j8j73alaserjet_managed_mfp_e72530_z8z010alaserjet_managed_mfp_e87650_x3a89apagewide_managed_mfp_e58650dn_l3u43alaserjet_managed_e60075_m0p40alaserjet_managed_mfp_e87660_x3a93alaserjet_enterprise_m506_f2a69alaserjet_managed_mfp_e82540_x3a71apagewide_managed_mfp_p77940_5zp01alaserjet_enterprise_mfp_m633_j8j76alaserjet_managed_mfp_e82550_z8z19laserjet_enterprise_flow_mfp_m681_j8a13alaserjet_managed_flow_mfp_e62555_j8j67apagewide_managed_mfp_p77440_y3z60alaserjet_managed_m506_f2a71alaserjet_enterprise_600_m603_ce995alaserjet_managed_flow_mfp_e67550_l3u67alaserjet_enterprise_flow_mfp_m633_j8j78alaserjet_managed_mfp_e77830_x3a78apagewide_managed_mfp_p77940_5zn99apagewide_enterprise_mfp_586_g1w39alaserjet_managed_flow_mfp_e67550_l3u66alaserjet_managed_flow_mfp_e87650_x3a89alaserjet_managed_mfp_e72430_5cm68apagewide_managed_flow_mfp_e77660z_z5g77alaserjet_managed_flow_mfp_m880zm_a2w76alaserjet_managed_mfp_e67560_l3u70alaserjet_managed_m605_e6b71alaserjet_managed_e50145_1pu52alaserjet_managed_flow_mfp_e72525_z8z09alaserjet_enterprise_mfp_m527_f2a81alaserjet_enterprise_500_mfp_m525f_cf116alaserjet_managed_flow_mfp_e82540_z8z18alaserjet_enterprise_m506_f2a68alaserjet_managed_e60075_m0p35alaserjet_enterprise_m507_1pv86alaserjet_enterprise_m608_m0p32alaserjet_enterprise_m553_b5l26apagewide_managed_mfp_p77940_5zp00alaserjet_enterprise_mfp_m528_1ps54alaserjet_managed_500_mfp_m525_l3u59alaserjet_managed_mfp_e72425_5cm68alaserjet_managed_mfp_e72525_x3a60alaserjet_enterprise_mfp_m681_j8a13alaserjet_enterprise_mfp_m725_cf066alaserjet_managed_flow_mfp_e77825_x3a80alaserjet_managed_mfp_e77830_x3a81apagewide_managed_mfp_e58650dn_l3u42alaserjet_managed_mfp_e87650_x3a92alaserjet_managed_flow_mfp_e87660_z8z13alaserjet_managed_mfp_e82550_x3a82alaserjet_managed_mfp_e77825_z8z04alaserjet_managed_m506_f2a70alaserjet_managed_flow_mfp_e82540_x3a68alaserjet_managed_mfp_e77825_z8z00apagewide_enterprise_flow_mfp_785_j7z12alaserjet_enterprise_flow_mfp_m525_cf116alaserjet_managed_mfp_e72535_z8z07alaserjet_enterprise_flow_mfp_m631_j8j65alaserjet_managed_m651_h0dc9alaserjet_managed_flow_mfp_e87640_x3a86alaserjet_managed_e50045_3gn19alaserjet_enterprise_m653_j8a04alaserjet_enterprise_flow_mfp_m577_b5l54alaserjet_enterprise_flow_mfp_m577_b5l47alaserjet_managed_flow_mfp_m880zm_l3u51alaserjet_enterprise_600_m602_ce992alaserjet_enterprise_m605_e6b69alaserjet_managed_mfp_e52645_1pv65alaserjet_enterprise_flow_mfp_m630_p7z47alaserjet_managed_mfp_m725_cf066alaserjet_enterprise_m507_1pv89alaserjet_managed_mfp_e82540_x3a69alaserjet_managed_mfp_e87660_z8z15alaserjet_managed_mfp_m630_b3g84alaserjet_managed_flow_mfp_e77830_x3a83alaserjet_managed_mfp_e87660_z8z16alaserjet_enterprise_mfp_m725_cf068alaserjet_managed_flow_mfp_e87640_x3a90alaserjet_managed_mfp_e82550_x3a71apagewide_managed_mfp_p77950_y3z66alaserjet_managed_mfp_e72530_x3a66alaserjet_enterprise_flow_mfp_m681_j8a10alaserjet_managed_flow_mfp_e82540_z8z22alaserjet_managed_mfp_e72425_5cm71alaserjet_managed_flow_mfp_e82560_z8z18alaserjet_enterprise_700_m712_cf236alaserjet_enterprise_mfp_m631_j8j63alaserjet_managed_flow_mfp_e72530_x3a63alaserjet_managed_500_mfp_m575_l3u45alaserjet_managed_e65060_l3u56alaserjet_managed_flow_mfp_e87650_z8z13alaserjet_enterprise_mfp_m632_j8j70apagewide_enterprise_556_g1w46vlaserjet_managed_e85055_t3u51alaserjet_managed_mfp_e72425_5cm69alaserjet_enterprise_flow_mfp_m632_j8j71alaserjet_enterprise_m751_t3u43alaserjet_managed_mfp_e62555_j8j80alaserjet_enterprise_m651_cz257alaserjet_managed_mfp_e77422_5cm76alaserjet_managed_flow_mfp_e82560_x3a71alaserjet_managed_mfp_e87650_x3a90alaserjet_managed_mfp_e77822_z8z00alaserjet_managed_flow_mfp_e87650_x3a92alaserjet_managed_mfp_e67550_l3u69alaserjet_managed_mfp_e52645_1pv49alaserjet_enterprise_flow_mfp_m575_cd646alaserjet_enterprise_mfp_m632_j8j71alaserjet_managed_flow_mfp_e82540_z8z19laserjet_enterprise_m806_cz245alaserjet_enterprise_mfp_m528_1pv66alaserjet_managed_flow_mfp_e52545c_3gy19alaserjet_enterprise_500_m551_cf083alaserjet_managed_e60065_m0p40alaserjet_managed_flow_mfp_e62575_j8j79apagewide_mfp_774_4pz43alaserjet_managed_mfp_e87640_z8z13alaserjet_enterprises_cp5525_ce707alaserjet_managed_mfp_e82540_z8z23apagewide_managed_mfp_p77940_2gp22alaserjet_managed_e60075_m0p36alaserjet_enterprise_700_mfp_m775_cc523alaserjet_enterprise_mfp_m682_j8a16alaserjet_managed_mfp_e77428_5cm76alaserjet_managed_e60055_m0p35alaserjet_managed_mfp_e77422_5cm79alaserjet_managed_mfp_e72430_5rc90alaserjet_managed_mfp_m725_l3u63alaserjet_managed_mfp_e62565_j8j67alaserjet_enterprise_m855_a2w78aofficejet_enterprise_mfp_x585_b5l04alaserjet_managed_flow_mfp_e87640_z8z16alaserjet_managed_e75245_t3u44alaserjet_managed_mfp_e87650_x3a87alaserjet_managed_flow_mfp_m680_l3u48apagewide_mfp_779_4pz45alaserjet_managed_flow_mfp_e72535_x3a59alaserjet_managed_flow_mfp_e82560_x3a75alaserjet_managed_mfp_e82550_x3a75alaserjet_enterprise_m856_t3u66alaserjet_managed_flow_mfp_e82550_x3a74alaserjet_managed_flow_mfp_e67550_l3u69alaserjet_managed_mfp_e87640_x3a92apagewide_enterprise_mfp_586_g1w40alaserjet_managed_mfp_e82550_z8z22alaserjet_managed_flow_mfp_e77822_z8z01alaserjet_managed_mfp_e87660_z8z13apagewide_managed_mfp_p77940_y3z65alaserjet_enterprise_m609_k0q21alaserjet_managed_mfp_e72525_z8z09alaserjet_managed_flow_mfp_e87650_z8z12alaserjet_managed_mfp_e62565_j8j73alaserjet_enterprise_500_mfp_m575_cd644alaserjet_managed_mfp_e87640_x3a87alaserjet_enterprise_m605_e6b70alaserjet_managed_mfp_m680_l3u48alaserjet_enterprise_m606_e6b73alaserjet_enterprise_m608_k0q19alaserjet_managed_flow_mfp_e87660_z8z16alaserjet_enterprise_m750_d3l09alaserjet_managed_mfp_e52545_3gy20aofficejet_enterprise_flow_mfp_x585_b5l07alaserjet_managed_mfp_e87660_x3a87alaserjet_enterprise_mfp_m725_l3u63apagewide_managed_mfp_p77950_y3z63alaserjet_managed_mfp_e87650_z8z14alaserjet_managed_m651_l8z07apagewide_managed_mfp_e77650_z5g79alaserjet_managed_flow_mfp_m880zm_l3u52apagewide_managed_mfp_p77950_y3z68alaserjet_managed_mfp_e77822_x3a78alaserjet_managed_e50145_1pv87alaserjet_managed_mfp_e62565_j8j80apagewide_managed_mfp_p77960_5zp01alaserjet_enterprise_600_m601_ce990alaserjet_managed_flow_mfp_e62565_j8j73alaserjet_enterprise_flow_mfp_m682_j8a16alaserjet_managed_flow_mfp_e87650_z8z17alaserjet_managed_mfp_e77830_z8z00alaserjet_enterprise_mfp_m681_j8a11a_laserjet_managed_flow_mfp_e87660_x3a93alaserjet_enterprise_mfp_m527_f2a77alaserjet_managed_mfp_e72525_z8z06alaserjet_enterprise_mfp_m528_1ps55alaserjet_managed_flow_mfp_e62565_j8j67apagewide_enterprise_mfp_780_j7z10alaserjet_enterprise_flow_mfp_m830_cf367alaserjet_managed_flow_mfp_e82550_x3a68alaserjet_enterprise_flow_mfp_m527z_f2a76alaserjet_managed_flow_mfp_e82540_x3a75alaserjet_managed_flow_mfp_e72535_x3a62alaserjet_managed_flow_mfp_e87640_x3a89alaserjet_enterprise_mfp_m527_f2a78alaserjet_managed_mfp_e72535_z8z010alaserjet_cm4540_mfp_cc419alaserjet_managed_flow_mfp_e72530_x3a59alaserjet_managed_mfp_e72530_x3a62alaserjet_enterprise_m507_1pu51apagewide_managed_mfp_p77960_2gp26alaserjet_enterprise_mfp_m682_j8a17alaserjet_managed_mfp_e87640_z8z15alaserjet_managed_flow_mfp_e87650_x3a93alaserjet_managed_mfp_e87650_z8z12alaserjet_managed_flow_mfp_e72530_x3a60alaserjet_managed_mfp_e77422_5cm78alaserjet_enterprise_m604_e6b67alaserjet_managed_flow_mfp_e72535_z8z010alaserjet_enterprise_flow_mfp_m577_b5l48alaserjet_managed_flow_mfp_e82560_az8z20alaserjet_managed_flow_mfp_e87650_z8z14apagewide_managed_flow_mfp_e58650z_l3u42alaserjet_managed_flow_mfp_e87660_z8z12alaserjet_enterprise_flow_mfp_m632_j8j70alaserjet_enterprise_m553_b5l25alaserjet_enterprise_700_mfp_m775_l3u49aofficejet_enterprise_mfp_x585_b5l05apagewide_enterprise_765_j7z04alaserjet_managed_mfp_e82540_x3a68alaserjet_managed_mfp_e72430_5cm69alaserjet_managed_flow_mfp_e87660_z8z17alaserjet_managed_mfp_e72530_z8z011alaserjet_enterprise_m651_cz255alaserjet_enterprise_mfp_m681_j8a10apagewide_managed_mfp_e77650_j7z14alaserjet_managed_mfp_e52645_1pv66alaserjet_enterprise_flow_mfp_m880z_d7p71alaserjet_enterprise_m856_t3u52alaserjet_managed_mfp_e87660_x3a92alaserjet_managed_mfp_m775_cc522alaserjet_managed_mfp_e67550_l3u70alaserjet_managed_mfp_e82560_z8z18apagewide_managed_mfp_p77940_y3z61alaserjet_managed_mfp_e82540_x3a75alaserjet_enterprise_mfp_m630_b3g84apagewide_managed_mfp_p77960_y3z68alaserjet_managed_e60055_m0p36alaserjet_managed_mfp_e77825_x3a81alaserjet_managed_flow_mfp_e87660_z8z15alaserjet_enterprise_m750_d3l10alaserjet_managed_mfp_e72525_x3a62apagewide_managed_flow_mfp_e77660z_j7z13alaserjet_enterprise_flow_mfp_m880z_l3u52alaserjet_managed_mfp_m577_b5l50adigital_sender_flow_8500_fn2_document_capture_workstation_l2762alaserjet_managed_mfp_e52645_1ps55alaserjet_managed_flow_mfp_e87640_z8z14alaserjet_managed_mfp_e67560_l3u66alaserjet_managed_mfp_m725_cf069alaserjet_managed_flow_mfp_m577_b5l50alaserjet_managed_e55040dw_3gx98ascanjet_enterprise_flow_n9120_fn2_document_scanner_l2763alaserjet_enterprise_mfp_m680_cz250alaserjet_enterprise_mfp_m776_t3u56alaserjet_managed_mfp_e82550_x3a74afuturesmart_3laserjet_enterprise_m751_t3u64alaserjet_enterprise_flow_mfp_m525_cf118alaserjet_enterprise_mfp_m680_ca251alaserjet_managed_mfp_e87640_x3a93alaserjet_managed_mfp_e67550_l3u66alaserjet_managed_mfp_e77428_5cm75alaserjet_managed_flow_mfp_e62565_j8j74alaserjet_managed_mfp_m775_cf304alaserjet_managed_flow_mfp_e72530_x3a65alaserjet_managed_e65060_l3u57alaserjet_managed_flow_mfp_e72535_z8z07alaserjet_managed_flow_mfp_m527z_f2a80alaserjet_managed_mfp_e72425_5rc90apagewide_managed_mfp_p77960_2gp25apagewide_enterprise_mfp_780_j7z09alaserjet_managed_mfp_e87660_z8z17alaserjet_enterprise_m605_l3u53alaserjet_managed_flow_mfp_e87660_x3a87alaserjet_managed_mfp_e72430_5cm70alaserjet_managed_mfp_e72535_z8z09alaserjet_managed_flow_mfp_e77822_z8z05alaserjet_managed_flow_mfp_e62555_j8j66alaserjet_managed_mfp_e62565_j8j66alaserjet_enterprise_500_m551_cf082alaserjet_enterprise_m855_d7p72alaserjet_managed_e50145_1pv86alaserjet_managed_mfp_e82540_x3a74alaserjet_managed_flow_mfp_e72535_x3a66alaserjet_enterprise_mfp_m528_1pv64alaserjet_enterprise_mfp_m630_l3u61alaserjet_managed_mfp_m725_l3u64alaserjet_enterprise_mfp_m577_b5l54alaserjet_managed_mfp_e72425_5rc89apagewide_managed_mfp_p77960_y3z64alaserjet_managed_m553_b5l25alaserjet_managed_mfp_e72535_x3a65apagewide_enterprise_556_g1w47alaserjet_managed_mfp_e87650_z8z13alaserjet_managed_flow_mfp_e82550_x3a75ascanjet_enterprise_8500_fn1_document_capture_workstation_l2717apagewide_managed_mfp_p77950_2gp25apagewide_managed_mfp_e77650_j7z05alaserjet_managed_flow_mfp_e67560_l3u67alaserjet_managed_flow_mfp_e62575_j8j80alaserjet_managed_mfp_e72530_z8z07alaserjet_managed_flow_mfp_e77822_x3a83alaserjet_managed_flow_mfp_e77825_x3a77alaserjet_managed_flow_mfp_e72530_z8z09alaserjet_managed_m506_f2a66apagewide_managed_mfp_p77950_y3z61alaserjet_enterprise_mfp_m528_1pv67apagewide_managed_mfp_p77960_y3z66alaserjet_managed_mfp_e52645_1ps54alaserjet_enterprise_700_m712_cf238alaserjet_managed_flow_mfp_e77830_z8z0alaserjet_managed_m506_f2a67alaserjet_managed_flow_mfp_e87660_x3a90alaserjet_managed_mfp_e77825_x3a78alaserjet_enterprise_flow_mfp_m776_t3u56alaserjet_managed_mfp_e82550_z8z18alaserjet_managed_flow_mfp_e87660_x3a89alaserjet_managed_flow_mfp_e87640_z8z17alaserjet_managed_m553_b5l39alaserjet_managed_mfp_e67560_l3u67alaserjet_managed_flow_mfp_e67560_l3u69apagewide_managed_flow_mfp_e77660z_z5g79alaserjet_managed_mfp_e72535_x3a66alaserjet_managed_mfp_e82560_x3a82alaserjet_managed_flow_mfp_e72525_z8z011alaserjet_managed_flow_mfp_e72530_z8z08alaserjet_managed_flow_mfp_m880zm_d7p70alaserjet_managed_flow_mfp_e77822_x3a80alaserjet_managed_flow_mfp_e67560_l3u66alaserjet_managed_m506_f2a68alaserjet_managed_flow_mfp_e82550_z8z19laserjet_managed_flow_mfp_m525_l3u60alaserjet_managed_e60065_m0p33aofficejet_managed_flow_mfp_x585_l3u41alaserjet_managed_flow_mfp_e82560_x3a72alaserjet_managed_m553_bl27alaserjet_enterprise_flow_mfp_m680_cz249apagewide_managed_flow_mfp_e77650_j7z05alaserjet_enterprise_flow_mfp_m525_cf117alaserjet_enterprise_mfp_m630_j7x28apagewide_managed_flow_mfp_e58650z_l3u43alaserjet_enterprise_flow_mfp_m680_cz250alaserjet_managed_mfp_e87640_z8z12aHP Color LaserJet Managed Printers, HP Color LaserJet Enterprise Printers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18955
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.17%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 17:00
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019.

Action-Not Available
Vendor-lansweepern/a
Product-lansweepern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19592
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.11%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 18:27
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting

Action-Not Available
Vendor-jamasoftwaren/a
Product-connectn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 180
  • 181
  • Next
Details not found