Total
36927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17551 | 1 Apakgroup | 1 Wholesale Floorplanning Finance | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG editor in the Notes section are likely affected. | |||||
| CVE-2019-17550 | 1 Adenion | 1 Blog2social | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | |||||
| CVE-2019-17535 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. | |||||
| CVE-2019-17524 | 1 Technicolor | 2 Tc7300.b0, Tc7300.b0 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this. | |||||
| CVE-2019-17523 | 1 Technicolor | 2 Tc7300.b0, Tc7300.b0 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. | |||||
| CVE-2019-17522 | 1 Hotarucms | 1 Hotarucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1. | |||||
| CVE-2019-17515 | 1 Cleantalk | 1 Spam Protection\, Antispam\, Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | |||||
| CVE-2019-17504 | 1 Kirona | 1 Dynamic Resource Scheduling | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter. | |||||
| CVE-2019-17496 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion. | |||||
| CVE-2019-17494 | 1 Laravel-bjyblog Project | 1 Laravel-bjyblog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| laravel-bjyblog 6.1.1 has XSS via a crafted URL. | |||||
| CVE-2019-17493 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. | |||||
| CVE-2019-17491 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. | |||||
| CVE-2019-17489 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. | |||||
| CVE-2019-17488 | 1 B3log | 1 Symphony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | |||||
| CVE-2019-17434 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. | |||||
| CVE-2019-17433 | 1 Laravel-admin | 1 Laravel-admin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. | |||||
| CVE-2019-17432 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. | |||||
| CVE-2019-17430 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | |||||
| CVE-2019-17427 | 1 Redmine | 1 Redmine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. | |||||
| CVE-2019-17417 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. | |||||