2020

CVE-2020-11512 (v3: 5.4) 7 Apr 2020
Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts.

2019

CVE-2019-18893 (v3: 6.1) 13 Jan 2020
XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways.
CVE-2019-10771 (v3: 6.1) 25 Nov 2019
Characters in the GET URL path are not properly escaped and can be reflected in the server response.
CVE-2019-17207 (v3: 5.4) 18 Oct 2019
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action.
CVE-2019-16521 (v3: 6.1) 16 Oct 2019
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.
CVE-2019-3562 (v3: 6.1) 29 Apr 2019
A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11.

2018

CVE-2018-17061 (v3: 6.1) 15 Sep 2018
BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results.
CVE-2018-16134 (v3: 6.1) 29 Aug 2018
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
CVE-2018-1000559 (v3: 6.1) 26 Jun 2018
qutebrowser, in versions from v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) onward, contains a Cross Site Scripting (XSS) vulnerability in the history command (the qute://history page). Via injected JavaScript code, a website can steal the user's browsing history. The attack requires the victim to open a page with a specially crafted attribute and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).
CVE-2018-6900 (v3: 5.4) 12 Apr 2018
PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.

2017

CVE-2017-6225 (v3: 6.1) 8 Feb 2018
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information.
CVE-2017-17859 (v3: 6.1) 27 Dec 2017
Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file.
CVE-2017-14651 (v3: 4.8) 21 Sep 2017
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
CVE-2017-3165 (v3: 5.4) 13 Sep 2017
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability.

2016

CVE-2016-10897 (v3: 6.1) 21 Aug 2019
The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues.
CVE-2016-9473 (v3: 4.7) 28 Mar 2017
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.
CVE-2016-8505 (v3: 6.1) 26 Oct 2016
XSS in Yandex Browser BookReader in Yandex Browser for desktop, in versions before 16.6, could be used by a remote attacker to evaluate arbitrary JavaScript code.
CVE-2016-8506 (v3: 6.1) 26 Oct 2016
XSS in Yandex Browser Translator in Yandex Browser for desktop, in versions from 15.12 to 16.2, could be used by a remote attacker to evaluate arbitrary JavaScript code.
CVE-2016-1000154 (v3: 6.1) 10 Oct 2016
Reflected XSS in the WordPress plugin whizz v1.0.7.

2015

CVE-2015-9468 (v3: 6.1) 10 Oct 2019
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.
CVE-2015-9453 (v3: 6.1) 7 Oct 2019
The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.
CVE-2015-9403 (v3: 6.1) 20 Sep 2019
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.
CVE-2015-9404 (v3: 6.1) 20 Sep 2019
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.
CVE-2015-5057 (v3: 6.1) 18 Aug 2017
A cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.
CVE-2015-0724 (v2: 4.3) 15 May 2015
Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCur25604.