Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8432 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
|
|||||
| CVE-2019-8426 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
|
|||||
| CVE-2019-8425 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
|
|||||
| CVE-2019-8419 | 1 Vnote Project | 1 Vnote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
VNote 2.2 has XSS via a new text note.
|
|||||
| CVE-2019-8410 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
|
|||||
| CVE-2019-8400 | 1 Ory | 1 Hydra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.
|
|||||
| CVE-2019-8391 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter.
|
|||||
| CVE-2019-8390 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
|
|||||
| CVE-2019-8368 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
OpenEMR v5.0.1-6 allows XSS.
|
|||||
| CVE-2019-8363 | 1 Verydows | 1 Verydows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.
|
|||||
| CVE-2019-8361 | 1 Responsive Video News Script Project | 1 Responsive Video News Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.
|
|||||
| CVE-2019-8349 | 1 Htmly | 1 Htmly | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature.
|
|||||
| CVE-2019-8346 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token.
|
|||||
| CVE-2019-8335 | 1 Schoolcms | 1 Schoolcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS].
|
|||||
| CVE-2019-8334 | 1 Schoolcms | 1 Schoolcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS].
|
|||||
| CVE-2019-8331 | 4 F5, Getbootstrap, Redhat and 1 more | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
|
|||||
| CVE-2019-8290 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected.
|
|||||
| CVE-2019-8289 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable
|
|||||
| CVE-2019-8288 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized.
|
|||||
| CVE-2019-8279 | 1 Vanillaforums | 1 Vanilla Forums | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
|
|||||
| CVE-2019-8278 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.
|
|||||
| CVE-2019-8233 | 1 Magento | 1 Magento | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.
|
|||||
| CVE-2019-8228 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.
|
|||||
| CVE-2019-8227 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
|
|||||
| CVE-2019-8160 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to information disclosure.
|
|||||
| CVE-2019-8157 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an invocation of error handling that acceses user input without sanitization.
|
|||||
| CVE-2019-8153 | 1 Magento | 1 Magento | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious XSS payload.
|
|||||
| CVE-2019-8152 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard.
|
|||||
| CVE-2019-8148 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder.
|
|||||
| CVE-2019-8147 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label.
|
|||||
| CVE-2019-8146 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores.
|
|||||
| CVE-2019-8145 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products.
|
|||||
| CVE-2019-8142 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store.
|
|||||
| CVE-2019-8139 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product.
|
|||||
| CVE-2019-8138 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event.
|
|||||
| CVE-2019-8132 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Name field for Email template in the "Design Configuration" dashboard.
|
|||||
| CVE-2019-8131 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into code field of an inventory source.
|
|||||
| CVE-2019-8129 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting an embedded expression into a translation.
|
|||||
| CVE-2019-8128 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can exploit it by injecting malicious Javascript into the name of main website.
|
|||||
| CVE-2019-8120 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address.
|
|||||