Total
36929 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25047 | 1 Greenbone | 2 Greenbone Os, Greenbone Security Assistant | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad. | |||||
| CVE-2019-25046 | 1 Cerberusftp | 1 Ftp Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document. | |||||
| CVE-2019-25028 | 1 Vaadin | 1 Vaadin | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Missing variable sanitization in Grid component in com.vaadin:vaadin-server versions 7.4.0 through 7.7.19 (Vaadin 7.4.0 through 7.7.19), and 8.0.0 through 8.8.4 (Vaadin 8.0.0 through 8.8.4) allows attacker to inject malicious JavaScript via unspecified vector | |||||
| CVE-2019-25027 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL | |||||
| CVE-2019-25015 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID. | |||||
| CVE-2019-25011 | 1 Netbox | 1 Netbox | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments. | |||||
| CVE-2019-20903 | 1 Atlassian | 1 Editor-core | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets. | |||||
| CVE-2019-20900 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0. | |||||
| CVE-2019-20803 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme. | |||||
| CVE-2019-20802 | 1 Readdle | 1 Documents | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker. | |||||
| CVE-2019-20798 | 1 Cherokee-project | 1 Cherokee | 2024-11-21 | 6.0 MEDIUM | 8.4 HIGH |
| An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands. | |||||
| CVE-2019-20789 | 1 Croogo | 1 Croogo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies. | |||||
| CVE-2019-20768 | 1 Servicenow | 1 It Service Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do. | |||||
| CVE-2019-20759 | 1 Netgear | 2 R9000, R9000 Firmware | 2024-11-21 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS. | |||||
| CVE-2019-20756 | 1 Netgear | 36 Ex3700, Ex3700 Firmware, Ex3800 and 33 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before 1.0.0.30, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, R8300 before 1.0.2.94, R7300DST before 1.0.0.62, R7000P before 1.3.0.20, R6900P before 1.3.0.20, R6400 before 1.0.1.32, R6300v2 before 1.0.4.24, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.18, and WN2500RPv2 before 1.0.1.52. | |||||
| CVE-2019-20752 | 1 Netgear | 40 D3600, D3600 Firmware, D6000 and 37 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. | |||||
| CVE-2019-20750 | 1 Netgear | 20 D7800, D7800 Firmware, Ex6100 and 17 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66. | |||||
| CVE-2019-20749 | 1 Netgear | 20 D7800, D7800 Firmware, Ex6100 and 17 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66. | |||||
| CVE-2019-20746 | 1 Netgear | 40 D3600, D3600 Firmware, D6000 and 37 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. | |||||
| CVE-2019-20743 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2024-11-21 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. | |||||