Total: 36937 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-6248 | 1 Citysearch / Hotfrog / Gelbeseiten Clone Script Project | 1 Citysearch / Hotfrog / Gelbeseiten Clone Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php. | |||||
CVE-2019-6243 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). | |||||
CVE-2019-6229 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2019-6228 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
CVE-2019-6204 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting. | |||||
CVE-2019-6181 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | |||||
CVE-2019-6180 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | |||||
CVE-2019-6159 | 1 Lenovo | 30 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs22v and 27 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected. | |||||
CVE-2019-6146 | 1 Forcepoint | 1 Web Security | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) | |||||
CVE-2019-6142 | 1 Forcepoint | 2 Email Security, Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. | |||||
CVE-2019-6117 | 1 Wpape | 1 Ape Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function. | |||||
CVE-2019-6112 | 1 Graphpaperpress | 1 Sell Media | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). | |||||
CVE-2019-6036 | 1 F-revocrm | 1 F-revocrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-6033 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-6031 | 1 Dayz | 1 Kinza | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader. | |||||
CVE-2019-6029 | 1 Custom Body Class Project | 1 Custom Body Class | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-6018 | 1 Netcommons | 1 Netcommons | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-6016 | 1 Remise | 1 Payment Module | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-6011 | 1 Tms-outsource | 1 Wpdatatables Lite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-6003 | 1 Ec-cube | 1 Amazon Pay | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |