| CVE | Vendors | Products | Updated | CVSS v3.1 |
| IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534. |
| PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. |
| GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. |
| cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. |
| cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. |
| Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. |
| Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. |
| PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. |
| The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. |
| PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. |
| The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. |
| In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. |
| Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. |
| IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. |
| Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. |
| Craft CMS before 2.6.2974 allows XSS attacks. |
| In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. |