| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP). |
| An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. |
| An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter. |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field. |
| An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section. |
| Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app. |
| An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS. |
| An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability. |
| In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. |
| An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. |
| In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. |
| Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. |
| cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. |
| PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. |
| PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. |
