Total
36962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9108 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. | |||||
| CVE-2019-9094 | 1 Humhub | 1 Humhub | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS. | |||||
| CVE-2019-9093 | 1 Humhub | 1 Humhub | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS. | |||||
| CVE-2019-9078 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. | |||||
| CVE-2019-9066 | 1 Php Appointment Booking Script Project | 1 Php Appointment Booking Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | |||||
| CVE-2019-9016 | 1 Mopcms | 1 Mopcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI. | |||||
| CVE-2019-8991 | 1 Tibco | 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1. | |||||
| CVE-2019-8987 | 1 Tibco | 2 Data Science For Aws, Spotfire Data Science | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | |||||
| CVE-2019-8984 | 1 Altn | 1 Mdaemon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). | |||||
| CVE-2019-8983 | 1 Altn | 1 Mdaemon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). | |||||
| CVE-2019-8953 | 1 Netgate | 1 Haproxy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. | |||||
| CVE-2019-8947 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | |||||
| CVE-2019-8946 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||||
| CVE-2019-8945 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||||
| CVE-2019-8939 | 1 Tautulli | 1 Tautulli | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page. | |||||
| CVE-2019-8938 | 1 Vertrigoserv Project | 1 Vertrigoserv | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. | |||||
| CVE-2019-8937 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. | |||||
| CVE-2019-8935 | 1 O-dyn | 1 Collabtive | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. | |||||
| CVE-2019-8929 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype. | |||||
| CVE-2019-8928 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName. | |||||