Total
36927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17651 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | |||||
| CVE-2019-17634 | 1 Eclipse | 1 Memory Analyzer | 2024-11-21 | 8.5 HIGH | 9.0 CRITICAL |
| Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer. | |||||
| CVE-2019-17632 | 1 Eclipse | 1 Jetty | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output. | |||||
| CVE-2019-17630 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. | |||||
| CVE-2019-17629 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. | |||||
| CVE-2019-17625 | 1 Rambox | 1 Rambox | 2024-11-21 | 8.5 HIGH | 9.0 CRITICAL |
| There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element. | |||||
| CVE-2019-17611 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. | |||||
| CVE-2019-17610 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. | |||||
| CVE-2019-17609 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. | |||||
| CVE-2019-17608 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. | |||||
| CVE-2019-17607 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HongCMS 3.0.0 has XSS via the install/index.php servername parameter. | |||||
| CVE-2019-17606 | 1 Hexo-admin Project | 1 Hexo-admin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post. | |||||
| CVE-2019-17599 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | |||||
| CVE-2019-17581 | 1 Dormsystem Project | 1 Dormsystem | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| tonyy dormsystem through 1.3 allows DOM XSS. | |||||
| CVE-2019-17579 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SonarSource SonarQube before 7.8 has XSS in project links on account/projects. | |||||
| CVE-2019-17578 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field. | |||||
| CVE-2019-17577 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field. | |||||
| CVE-2019-17576 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field. | |||||
| CVE-2019-17573 | 2 Apache, Oracle | 7 Cxf, Commerce Guided Search, Communications Element Manager and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable. | |||||
| CVE-2019-17557 | 1 Apache | 1 Syncope | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string. | |||||