Total
36929 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1329 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330. | |||||
| CVE-2019-1328 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | |||||
| CVE-2019-1305 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | |||||
| CVE-2019-1273 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. | |||||
| CVE-2019-1266 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. | |||||
| CVE-2019-1262 | 1 Microsoft | 1 Sharepoint Foundation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
| CVE-2019-1218 | 1 Microsoft | 1 Outlook | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook iOS parses specially crafted email messages. | |||||
| CVE-2019-1203 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. | |||||
| CVE-2019-1137 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. | |||||
| CVE-2019-1076 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | |||||
| CVE-2019-1070 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
| CVE-2019-19991 | 1 Seling | 1 Visual Access Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php. | |||||
| CVE-2019-19990 | 1 Seling | 1 Visual Access Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php. | |||||
| CVE-2019-19979 | 1 Wp Maintenance Project | 1 Wp Maintenance | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS. | |||||
| CVE-2019-19968 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | |||||
| CVE-2019-19941 | 1 Swisscom | 2 Centro Grande, Centro Grande Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS. | |||||
| CVE-2019-19935 | 1 Froala | 1 Froala Editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Froala Editor before 3.2.3 allows XSS. | |||||
| CVE-2019-19916 | 2 Microsoft, Midori-browser | 2 Windows 10, Midori | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting (XSS) and other attacks when the product renders the content as HTML. Remediating this would also need to consider the polyglot case, e.g., a file that is a valid GIF image and also valid JavaScript. | |||||
| CVE-2019-19913 | 1 Intland | 1 Codebeamer | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter. | |||||
| CVE-2019-19912 | 1 Intland | 1 Codebeamer | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file. | |||||