Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17493 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.
|
|||||
| CVE-2019-17491 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.
|
|||||
| CVE-2019-17489 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.
|
|||||
| CVE-2019-17488 | 1 B3log | 1 Symphony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
|
|||||
| CVE-2019-17434 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
|
|||||
| CVE-2019-17433 | 1 Laravel-admin | 1 Laravel-admin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
|
|||||
| CVE-2019-17432 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.
|
|||||
| CVE-2019-17430 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.
|
|||||
| CVE-2019-17427 | 1 Redmine | 1 Redmine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.
|
|||||
| CVE-2019-17417 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
|
|||||
| CVE-2019-17409 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.
|
|||||
| CVE-2019-17405 | 1 Nokia | 1 Impact | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Nokia IMPACT < 18A: has Reflected self XSS
|
|||||
| CVE-2019-17385 | 1 Eleopard | 1 Animate It\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The animate-it plugin before 2.3.5 for WordPress has XSS.
|
|||||
| CVE-2019-17384 | 1 Eleopard | 1 Animate It\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The animate-it plugin before 2.3.4 for WordPress has XSS.
|
|||||
| CVE-2019-17380 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
|
|||||
| CVE-2019-17379 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
|
|||||
| CVE-2019-17378 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
|
|||||
| CVE-2019-17377 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
|
|||||
| CVE-2019-17376 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
|
|||||
| CVE-2019-17368 | 1 S-cms | 1 S-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
|
|||||
| CVE-2019-17338 | 1 Tibco | 1 Patterns - Search | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below.
|
|||||
| CVE-2019-17337 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10 ...
Show More |
|||||
| CVE-2019-17333 | 1 Tibco | 1 Ebx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7.
|
|||||
| CVE-2019-17332 | 1 Tibco | 1 Ebx Add-ons | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2.
|
|||||
| CVE-2019-17331 | 1 Tibco | 1 Ebx Add-ons | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0.
|
|||||
| CVE-2019-17330 | 1 Tibco | 1 Ebx | 2024-11-21 | 4.3 MEDIUM | 9.6 CRITICAL |
|
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6.
|
|||||
| CVE-2019-17276 | 1 Netapp | 1 Oncommand System Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.
|
|||||
| CVE-2019-17239 | 1 Wpfactory | 1 Download Plugins And Themes From Dashboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.
|
|||||
| CVE-2019-17236 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.
|
|||||
| CVE-2019-17233 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
|
|||||
| CVE-2019-17231 | 1 Mageewp | 1 Onetone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues.
|
|||||
| CVE-2019-17229 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.
|
|||||
| CVE-2019-17226 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
|
|||||
| CVE-2019-17225 | 1 Intelliants | 1 Subrion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
|
|||||
| CVE-2019-17223 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
|
|||||
| CVE-2019-17222 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration).
|
|||||
| CVE-2019-17220 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
|
|||||
| CVE-2019-17214 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.
|
|||||
| CVE-2019-17213 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header.
|
|||||
| CVE-2019-17207 | 1 Managewp | 1 Broken Link Checker | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action.
|
|||||