Vulnerabilities (CVE)

Filtered by CWE-79
Total 37080 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17331 1 Tibco 1 Ebx Add-ons 2024-11-21 3.5 LOW 5.4 MEDIUM
The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0.
CVE-2019-17330 1 Tibco 1 Ebx 2024-11-21 4.3 MEDIUM 9.6 CRITICAL
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6.
CVE-2019-17276 1 Netapp 1 Oncommand System Manager 2024-11-21 3.5 LOW 5.4 MEDIUM
OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field.
CVE-2019-17239 1 Wpfactory 1 Download Plugins And Themes From Dashboard 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.
CVE-2019-17236 1 Getigniteup 1 Igniteup 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS.
CVE-2019-17233 1 Etoilewebdesign 1 Ultimate Faq 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
CVE-2019-17231 1 Mageewp 1 Onetone 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues.
CVE-2019-17229 1 Stylemixthemes 1 Motors - Car Dealer\, Classifieds \& Listing 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.
CVE-2019-17226 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 3.5 LOW 4.8 MEDIUM
CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field.
CVE-2019-17225 1 Intelliants 1 Subrion 2024-11-21 3.5 LOW 5.4 MEDIUM
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
CVE-2019-17223 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
CVE-2019-17222 1 Intelbras 2 Wrn 150, Wrn 150 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration).
CVE-2019-17220 1 Rocket.chat 1 Rocket.chat 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
CVE-2019-17214 1 Webarxsecurity 1 Webarx 2024-11-21 5.0 MEDIUM 7.5 HIGH
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.
CVE-2019-17213 1 Webarxsecurity 1 Webarx 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header.
CVE-2019-17207 1 Managewp 1 Broken Link Checker 2024-11-21 3.5 LOW 5.4 MEDIUM
A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action.
CVE-2019-17205 1 Teampass 1 Teampass 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
CVE-2019-17204 1 Teampass 1 Teampass 2024-11-21 3.5 LOW 5.4 MEDIUM
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
CVE-2019-17203 1 Teampass 1 Teampass 2024-11-21 3.5 LOW 5.4 MEDIUM
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
CVE-2019-17189 1 Totemo 1 Totemodata 2024-11-21 3.5 LOW 5.4 MEDIUM
totemodata 3.0.0_b936 has XSS via a folder name.