| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). |
| cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). |
| cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). |
| cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). |
| cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). |
| The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. |
| Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters. |
| Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution. |
| FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors. |
| An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php |
| An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket. |
| Project Worlds Online Examination System 1.0 is affected by Cross Site Scripting (XSS) via account.php. |
| SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the 'add subject' tab. |
| Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. |
| Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. |
| Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. NOTE: Third-parties dispute the validity of this entry as a possible false positive during research |
| The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions |
| A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter. |
| A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. |
