Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-0700 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. |
| CVE-2019-9961 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in resource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2019-9957 | 1 Quadbase | 1 Espressreport Es | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload can then be triggered by accessing the "Set Security Levels" or "View User/Group Relationships" page. If the attacker does not currently have permission to create a new user, another vulnerability such ... |
| CVE-2019-9955 | 1 Zyxel | 42 Atp200, Atp200 Firmware, Atp500 and 39 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter. |
| CVE-2019-9925 | 1 S-cms | 1 S-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. |
| CVE-2019-9919 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. |
| CVE-2019-9914 | 1 Yop-poll | 1 Yop-poll | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS. |
| CVE-2019-9913 | 1 3cx | 1 Live Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS. |
| CVE-2019-9912 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO. |
| CVE-2019-9911 | 1 Nextscripts | 1 Social Networks Auto Poster | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS. |
| CVE-2019-9910 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. |
| CVE-2019-9909 | 1 Givewp | 1 Givewp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. |
| CVE-2019-9908 | 1 Hivewebstudios | 1 Font Organizer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. |
| CVE-2019-9844 | 2 Fedoraproject, Khanacademy | 2 Fedora, Simple-markdown | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI. |
| CVE-2019-9841 | 1 Vestacp | 1 Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. |
| CVE-2019-9839 | 1 Vfront | 1 Vfront | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter. |
| CVE-2019-9838 | 1 Vfront | 1 Vfront | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering. |
| CVE-2019-9834 | 1 Netdata | 1 Netdata | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot. |
| CVE-2019-9765 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html. |
| CVE-2019-9763 | 1 Openfind | 1 Mail2000 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this). |
| CVE-2019-9758 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation. |
| CVE-2019-9752 | 2 Opensuse, Otrs | 3 Backports Sle, Leap, Otrs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. |
| CVE-2019-9751 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm. |
| CVE-2019-9738 | 1 Golangtc | 1 Gopher | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. |
| CVE-2019-9737 | 1 Ipandao | 1 Editor.md | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. |
| CVE-2019-9736 | 1 1024tools | 1 1024tools | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. |
| CVE-2019-9725 | 1 Korenix | 5 Jetport 5601, Jetport 5601 Firmware, Jetport 5601f and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting. |
| CVE-2019-9714 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. |
| CVE-2019-9712 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. |
| CVE-2019-9711 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. |
| CVE-2019-9709 | 1 Mahara | 1 Mahara | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user. |
| CVE-2019-9701 | 1 Symantec | 1 Data Loss Prevention | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. |
| CVE-2019-9696 | 1 Symantec | 1 Vip Enterprise Gateway | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. |
| CVE-2019-9669 | 1 Wordfence | 1 Wordfence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attack vector. NOTE: It has been asserted that this is not a valid vulnerability in the context of the Wordfence WordPress plugin as the firewall rules are not maintained as part of the Wordfence software but rather it is a set of rules hosted on vendor servers and pushed to the plugin with no versioning associated. Bypassing a WAF rule doesn't make a WordPress site vulnerable (speaking in terms of software vulnerabilities). |
| CVE-2019-9661 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter. |
| CVE-2019-9660 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. |
| CVE-2019-9650 | 1 Upcoming Events Project | 1 Upcoming Events | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event. |
| CVE-2019-9647 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Gila CMS 1.9.1 has XSS. |
| CVE-2019-9646 | 1 Codepeople | 1 Contact Form Email | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." |
| CVE-2019-9644 | 1 Jupyter | 1 Notebook | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM | An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered. |