Vulnerabilities (CVE)

Filtered by CWE-79
Total 37092 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17488 1 B3log 1 Symphony 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
CVE-2019-17434 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
CVE-2019-17433 1 Laravel-admin 1 Laravel-admin 2024-11-21 3.5 LOW 4.8 MEDIUM
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
CVE-2019-17432 1 Fastadmin 1 Fastadmin 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.
CVE-2019-17430 1 Eyoucms 1 Eyoucms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.
CVE-2019-17427 1 Redmine 1 Redmine 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.
CVE-2019-17417 1 Pbootcms 1 Pbootcms 2024-11-21 3.5 LOW 4.8 MEDIUM
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
CVE-2019-17409 1 Open-emr 1 Openemr 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.
CVE-2019-17405 1 Nokia 1 Impact 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Nokia IMPACT < 18A: has Reflected self XSS
CVE-2019-17385 1 Eleopard 1 Animate It\! 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The animate-it plugin before 2.3.5 for WordPress has XSS.
CVE-2019-17384 1 Eleopard 1 Animate It\! 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The animate-it plugin before 2.3.4 for WordPress has XSS.
CVE-2019-17380 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
CVE-2019-17379 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
CVE-2019-17378 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
CVE-2019-17377 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
CVE-2019-17376 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
CVE-2019-17368 1 S-cms 1 S-cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
CVE-2019-17338 1 Tibco 1 Patterns - Search 2024-11-21 3.5 LOW 5.4 MEDIUM
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below.
CVE-2019-17337 1 Tibco 2 Spotfire Analytics Platform For Aws, Spotfire Server 2024-11-21 4.3 MEDIUM 5.4 MEDIUM
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
CVE-2019-17333 1 Tibco 1 Ebx 2024-11-21 3.5 LOW 5.4 MEDIUM
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7.