Total
36927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18656 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. | |||||
| CVE-2019-18654 | 2 Avg, Microsoft | 2 Anti-virus, Windows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | |||||
| CVE-2019-18653 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | |||||
| CVE-2019-18652 | 1 Watchguard | 2 Xmt515, Xmt515 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362). | |||||
| CVE-2019-18649 | 1 Untangle | 1 Ng Firewall | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | |||||
| CVE-2019-18648 | 1 Untangle | 1 Ng Firewall | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | |||||
| CVE-2019-18636 | 1 Jitbit | 1 .net Forum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. | |||||
| CVE-2019-18588 | 1 Dell | 2 Emc Powermax, Emc Unisphere For Powermax | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions. | |||||
| CVE-2019-18578 | 1 Dell | 1 Xtremio Management Server | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
| Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2019-18574 | 2 Emc, Rsa | 2 Rsa Authentication Manager, Authentication Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser. | |||||
| CVE-2019-18571 | 1 Dell | 1 Rsa Identity Governance And Lifecycle | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2019-18454 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS. | |||||
| CVE-2019-18419 | 1 Clonos | 1 Clonos | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2019-18416 | 1 Restaurant Management System Project | 1 Restaurant Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member. | |||||
| CVE-2019-18415 | 1 Restaurant Management System Project | 1 Restaurant Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen. | |||||
| CVE-2019-18413 | 1 Typestack Class-validator Project | 1 Typestack Class-validator | 2024-11-21 | 7.5 HIGH | 3.7 LOW |
| In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product. | |||||
| CVE-2019-18378 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2019-18357 | 1 Thycotic | 1 Secret Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). | |||||
| CVE-2019-18356 | 1 Thycotic | 1 Secret Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | |||||
| CVE-2019-18350 | 1 Ant.design | 1 Ant Design Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script. | |||||