Vulnerabilities (CVE)

Filtered by CWE-79
Total 36937 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-6248 1 Citysearch \/ Hotfrog \/ Gelbeseiten Clone Script Project 1 Citysearch \/ Hotfrog \/ Gelbeseiten Clone Script 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php.
CVE-2019-6243 1 Frog Cms Project 1 Frog Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).
CVE-2019-6229 2 Apple, Microsoft 6 Icloud, Iphone Os, Itunes and 3 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2019-6228 1 Apple 2 Iphone Os, Safari 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.
CVE-2019-6204 1 Apple 2 Iphone Os, Safari 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.
CVE-2019-6181 1 Lenovo 1 Xclarity Administrator 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
CVE-2019-6180 1 Lenovo 1 Xclarity Administrator 2024-11-21 3.5 LOW 4.8 MEDIUM
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
CVE-2019-6159 1 Lenovo 30 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs22v and 27 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.
CVE-2019-6146 1 Forcepoint 1 Web Security 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE-2019-6142 1 Forcepoint 2 Email Security, Security Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.
CVE-2019-6117 1 Wpape 1 Ape Gallery 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function.
CVE-2019-6112 1 Graphpaperpress 1 Sell Media 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
CVE-2019-6036 1 F-revocrm 1 F-revocrm 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6033 1 Appleple 1 A-blog Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6031 1 Dayz 1 Kinza 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader.
CVE-2019-6029 1 Custom Body Class Project 1 Custom Body Class 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6018 1 Netcommons 1 Netcommons 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6016 1 Remise 1 Payment Module 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6011 1 Tms-outsource 1 Wpdatatables Lite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6003 1 Ec-cube 1 Amazon Pay 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.