Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 36936 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5989 1 Anglers-net 1 Cgi An-anlyzer 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page.
CVE-2019-5988 1 Anglers-net 1 Cgi An-anlyzer 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page.
CVE-2019-5985 2 Ntt-east, Ntt-west 92 Pr-400ki, Pr-400ki Firmware, Pr-400mi and 89 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5975 1 Cybozu 1 Garoon 2024-11-21 3.5 LOW 5.4 MEDIUM
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5972 1 Sukimalab 1 Online Lesson Booking 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5970 1 Sukimalab 1 Attendance Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5967 1 Joruri 1 Joruri Cms 2017 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5962 1 Zoho 1 Salesiq 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5947 1 Cybozu 1 Garoon 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
CVE-2019-5940 1 Cybozu 1 Garoon 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
CVE-2019-5939 1 Cybozu 1 Garoon 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
CVE-2019-5938 1 Cybozu 1 Garoon 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
CVE-2019-5937 1 Cybozu 1 Garoon 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
CVE-2019-5932 1 Cybozu 1 Garoon 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
CVE-2019-5929 1 Cybozu 1 Garoon 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
CVE-2019-5928 1 Cybozu 1 Garoon 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
CVE-2019-5926 1 Kinagacms Project 1 Kinagacms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5925 1 Dradisframework 1 Dradis 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5888 1 Overit 1 Geocall 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977.
CVE-2019-5778 4 Debian, Fedoraproject, Google and 1 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.