Total
36960 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8436 | 1 Txjia | 1 Imcat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. | |||||
| CVE-2019-8435 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | |||||
| CVE-2019-8434 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. | |||||
| CVE-2019-8432 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. | |||||
| CVE-2019-8426 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. | |||||
| CVE-2019-8425 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. | |||||
| CVE-2019-8419 | 1 Vnote Project | 1 Vnote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| VNote 2.2 has XSS via a new text note. | |||||
| CVE-2019-8410 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | |||||
| CVE-2019-8400 | 1 Ory | 1 Hydra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. | |||||
| CVE-2019-8391 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter. | |||||
| CVE-2019-8390 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter. | |||||
| CVE-2019-8368 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenEMR v5.0.1-6 allows XSS. | |||||
| CVE-2019-8363 | 1 Verydows | 1 Verydows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | |||||
| CVE-2019-8361 | 1 Responsive Video News Script Project | 1 Responsive Video News Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | |||||
| CVE-2019-8349 | 1 Htmly | 1 Htmly | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature. | |||||
| CVE-2019-8346 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token. | |||||
| CVE-2019-8335 | 1 Schoolcms | 1 Schoolcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS]. | |||||
| CVE-2019-8334 | 1 Schoolcms | 1 Schoolcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS]. | |||||
| CVE-2019-8331 | 4 F5, Getbootstrap, Redhat and 1 more | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | |||||
| CVE-2019-8290 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected. | |||||