Total
37092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17488 | 1 B3log | 1 Symphony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | |||||
CVE-2019-17434 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. | |||||
CVE-2019-17433 | 1 Laravel-admin | 1 Laravel-admin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. | |||||
CVE-2019-17432 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. | |||||
CVE-2019-17430 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | |||||
CVE-2019-17427 | 1 Redmine | 1 Redmine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. | |||||
CVE-2019-17417 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. | |||||
CVE-2019-17409 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter. | |||||
CVE-2019-17405 | 1 Nokia | 1 Impact | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Nokia IMPACT < 18A: has Reflected self XSS | |||||
CVE-2019-17385 | 1 Eleopard | 1 Animate It\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The animate-it plugin before 2.3.5 for WordPress has XSS. | |||||
CVE-2019-17384 | 1 Eleopard | 1 Animate It\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The animate-it plugin before 2.3.4 for WordPress has XSS. | |||||
CVE-2019-17380 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). | |||||
CVE-2019-17379 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). | |||||
CVE-2019-17378 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). | |||||
CVE-2019-17377 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). | |||||
CVE-2019-17376 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). | |||||
CVE-2019-17368 | 1 S-cms | 1 S-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. | |||||
CVE-2019-17338 | 1 Tibco | 1 Patterns - Search | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below. | |||||
CVE-2019-17337 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0. | |||||
CVE-2019-17333 | 1 Tibco | 1 Ebx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7. |