Total
36924 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16333 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | |||||
| CVE-2019-16332 | 1 Api Bearer Auth Project | 1 Api Bearer Auth | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. | |||||
| CVE-2019-16330 | 1 Nchsoftware | 1 Express Accounts Accounting | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript. | |||||
| CVE-2019-16321 | 1 Scadabr | 1 Scadabr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO. | |||||
| CVE-2019-16312 | 1 S-cms | 1 S-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | |||||
| CVE-2019-16310 | 1 Niushop | 1 Niushop | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. | |||||
| CVE-2019-16307 | 1 Fujixerox | 1 Docushare | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp). | |||||
| CVE-2019-16295 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 1.9 LOW | 4.6 MEDIUM |
| Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim. | |||||
| CVE-2019-16289 | 1 Webcraftic | 1 Woody Ad Snippets | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. | |||||
| CVE-2019-16282 | 1 Nchsoftware | 1 Express Invoice | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript. | |||||
| CVE-2019-16268 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen. | |||||
| CVE-2019-16238 | 1 Afterlogic | 1 Aurora | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. | |||||
| CVE-2019-16223 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| WordPress before 5.2.3 allows XSS in post previews by authenticated users. | |||||
| CVE-2019-16222 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. | |||||
| CVE-2019-16221 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.3 allows reflected XSS in the dashboard. | |||||
| CVE-2019-16219 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.3 allows XSS in shortcode previews. | |||||
| CVE-2019-16218 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.3 allows XSS in stored comments. | |||||
| CVE-2019-16217 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. | |||||
| CVE-2019-16216 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself. | |||||
| CVE-2019-16197 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. | |||||