Total: 36928 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19708 | 1 Mediawiki | 1 Visual Editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute. | |||||
CVE-2019-19692 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. | |||||
CVE-2019-19682 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor. | |||||
CVE-2019-19679 | 1 Xpand-it | 1 Xray Test Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue. | |||||
CVE-2019-19678 | 1 Xpand-it | 1 Xray Test Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue. | |||||
CVE-2019-19661 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. | |||||
CVE-2019-19632 | 1 Bigswitch | 3 Big Cloud Fabric, Big Monitoring Fabric, Multi-cloud Director | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators. | |||||
CVE-2019-19619 | 1 Documize | 1 Documize | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS. | |||||
CVE-2019-19615 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account. | |||||
CVE-2019-19612 | 1 Halvotec | 1 Raquest | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several features of the application allow stored Cross-site Scripting (XSS). Fixed in Release 24.2020.20608.0. | |||||
CVE-2019-19596 | 1 Gitbook | 1 Gitbook | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
GitBook through 2.6.9 allows XSS via a local .md file. | |||||
CVE-2019-19592 | 1 Jamasoftware | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting. | |||||
CVE-2019-19587 | 1 Wso2 | 1 Enterprise Integrator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console. | |||||
CVE-2019-19552 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account. | |||||
CVE-2019-19551 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account. | |||||
CVE-2019-19547 | 2 Fedoraproject, Symantec | 2 Fedora, Endpoint Detection And Response | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
CVE-2019-19542 | 1 Cridio | 1 Listingpro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page. | |||||
CVE-2019-19541 | 1 Cridio | 1 Listingpro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. | |||||
CVE-2019-19540 | 1 Cridio | 1 Listingpro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. | |||||
CVE-2019-19515 | 1 Ayision | 2 Ays-wr01, Ays-wr01 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings. |