Total
36945 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7646 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | |||||
| CVE-2019-7634 | 1 Ifrn | 1 Sistema Unificado De Administracao Publica | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SUAP V2 allows XSS during the update of user information. | |||||
| CVE-2019-7621 | 1 Elastic | 1 Kibana | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visualization or a dashboard containing the visualization it could execute JavaScript in the victim�s browser. | |||||
| CVE-2019-7608 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
| CVE-2019-7567 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. | |||||
| CVE-2019-7554 | 1 Api Based Travel Booking Project | 1 Api Based Travel Booking | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter. | |||||
| CVE-2019-7553 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field. | |||||
| CVE-2019-7552 | 1 Investment Mlm Software Project | 1 Investment Mlm Software | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section. | |||||
| CVE-2019-7551 | 1 Cantemo | 1 Portal | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
| Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app. | |||||
| CVE-2019-7547 | 1 Topnew | 1 Sidu | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS. | |||||
| CVE-2019-7546 | 1 Topnew | 1 Sidu | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7545 | 1 Dbninja | 1 Dbninja | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. | |||||
| CVE-2019-7544 | 1 Mywebsql | 1 Mywebsql | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. | |||||
| CVE-2019-7543 | 1 Kindsoft | 1 Kindeditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7541 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. | |||||
| CVE-2019-7438 | 1 Jio | 2 Jiofi 4g M2s, Jiofi 4g M2s Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. | |||||
| CVE-2019-7437 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. | |||||
| CVE-2019-7435 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. | |||||
| CVE-2019-7432 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. | |||||
| CVE-2019-7430 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. | |||||