Total
37080 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17331 | 1 Tibco | 1 Ebx Add-ons | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0. | |||||
CVE-2019-17330 | 1 Tibco | 1 Ebx | 2024-11-21 | 4.3 MEDIUM | 9.6 CRITICAL |
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6. | |||||
CVE-2019-17276 | 1 Netapp | 1 Oncommand System Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. | |||||
CVE-2019-17239 | 1 Wpfactory | 1 Download Plugins And Themes From Dashboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues. | |||||
CVE-2019-17236 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | |||||
CVE-2019-17233 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | |||||
CVE-2019-17231 | 1 Mageewp | 1 Onetone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. | |||||
CVE-2019-17229 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues. | |||||
CVE-2019-17226 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. | |||||
CVE-2019-17225 | 1 Intelliants | 1 Subrion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. | |||||
CVE-2019-17223 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. | |||||
CVE-2019-17222 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). | |||||
CVE-2019-17220 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | |||||
CVE-2019-17214 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI. | |||||
CVE-2019-17213 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header. | |||||
CVE-2019-17207 | 1 Managewp | 1 Broken Link Checker | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action. | |||||
CVE-2019-17205 | 1 Teampass | 1 Teampass | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | |||||
CVE-2019-17204 | 1 Teampass | 1 Teampass | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | |||||
CVE-2019-17203 | 1 Teampass | 1 Teampass | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | |||||
CVE-2019-17189 | 1 Totemo | 1 Totemodata | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
totemodata 3.0.0_b936 has XSS via a folder name. |