Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9606 | 1 Personal Video Collection Script Project | 1 Personal Video Collection Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature.
|
|||||
| CVE-2019-9605 | 1 Online Lottery Php Readymade Script Project | 1 Online Lottery Php Readymade Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload.
|
|||||
| CVE-2019-9595 | 1 Appcms | 1 Appcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter.
|
|||||
| CVE-2019-9593 | 1 Mitel | 1 Connect Onsite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
|||||
| CVE-2019-9592 | 1 Mitel | 1 Connect Onsite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
|
|||||
| CVE-2019-9591 | 1 Mitel | 1 Connect Onsite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.
|
|||||
| CVE-2019-9580 | 1 Stackstorm | 1 Stackstorm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.
|
|||||
| CVE-2019-9576 | 1 Adenion | 1 Blog2social | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.
|
|||||
| CVE-2019-9575 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS.
|
|||||
| CVE-2019-9570 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter.
|
|||||
| CVE-2019-9567 | 1 Incsub | 1 Forminator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.
|
|||||
| CVE-2019-9558 | 1 Mailtraq | 1 Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
|
|||||
| CVE-2019-9557 | 1 Codecrafters | 1 Ability Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
|
|||||
| CVE-2019-9556 | 1 Fiberhomegroup | 2 An5506-04-f, An5506-04-f Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
FiberHome an5506-04-f RP2669 devices have XSS.
|
|||||
| CVE-2019-9554 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.
|
|||||
| CVE-2019-9553 | 1 Boltcms | 1 Bolt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
|
|||||
| CVE-2019-9551 | 1 Wdoyo | 1 Doyocms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS.
|
|||||
| CVE-2019-9550 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS.
|
|||||
| CVE-2019-9542 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
|
|||||
| CVE-2019-9541 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
|
|||||
| CVE-2019-9540 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
|
|||||
| CVE-2019-9539 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
|
|||||
| CVE-2019-9538 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
|
|||||
| CVE-2019-9537 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
|
|||||
| CVE-2019-9509 | 1 Vertiv | 2 Avocent Umg-4000, Avocent Umg-4000 Firmware | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
|
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code.
|
|||||
| CVE-2019-9508 | 1 Vertiv | 2 Avocent Umg-4000, Avocent Umg-4000 Firmware | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
|
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page.
|
|||||
| CVE-2019-9230 | 1 Audiocodes | 8 Mediant 500-mbsr, Mediant 500-mbsr Firmware, Mediant 500l-msbr and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
|
|||||
| CVE-2019-9226 | 1 Baigo | 1 Baigo Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the opt[base][BG_SITE_NAME] parameter to the bg_console/index.php?m=opt&c=request URI.
|
|||||
| CVE-2019-9207 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued.
|
|||||
| CVE-2019-9206 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued.
|
|||||
| CVE-2019-9168 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
|
|||||
| CVE-2019-9167 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
|
|||||
| CVE-2019-9164 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
|
|||||
| CVE-2019-9145 | 1 Hsycms | 1 Hsycms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /book page.
|
|||||
| CVE-2019-9142 | 1 B3log | 1 Symphony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.
|
|||||
| CVE-2019-9108 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.
|
|||||
| CVE-2019-9094 | 1 Humhub | 1 Humhub | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS.
|
|||||
| CVE-2019-9093 | 1 Humhub | 1 Humhub | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS.
|
|||||
| CVE-2019-9078 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.
|
|||||
| CVE-2019-9066 | 1 Php Appointment Booking Script Project | 1 Php Appointment Booking Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile.
|
|||||