| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload. |
| An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. |
| XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. |
| The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. |
| Prospecta Master Data Online (MDO) 2.0 has Stored XSS. |
| Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. |
| A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. |
| A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. |
| Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. |
| In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. |
| AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
| AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. |
