Vulnerabilities (CVE)

Filtered by CWE-79
Total 36870 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14696 1 Open-school 1 Open-school 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
CVE-2019-14672 1 Firefly-iii 1 Firefly Iii 2024-11-21 3.5 LOW 5.4 MEDIUM
Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code is executed upon an error condition during a visit to the account show page.
CVE-2019-14670 1 Firefly-iii 1 Firefly Iii 2024-11-21 3.5 LOW 5.4 MEDIUM
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation.
CVE-2019-14669 1 Firefly-iii 1 Firefly Iii 2024-11-21 3.5 LOW 5.4 MEDIUM
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page.
CVE-2019-14668 1 Firefly-iii 1 Firefly Iii 2024-11-21 3.5 LOW 5.4 MEDIUM
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScript code is executed during deletion of a transaction link.
CVE-2019-14667 1 Firefly-iii 1 Firefly Iii 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action.
CVE-2019-14653 1 Ipandao 1 Editor.md 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.
CVE-2019-14652 1 Amazon 1 Aws Javascript S3 Explorer 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances.
CVE-2019-14550 1 Espocrm 1 Espocrm 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus helping him steal victims' cookies (hence compromising their accounts).
CVE-2019-14549 1 Espocrm 1 Espocrm 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible link.
CVE-2019-14548 1 Espocrm 1 Espocrm 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside the body of the article, thus helping him steal victims' cookies (hence compromising their accounts).
CVE-2019-14547 1 Espocrm 1 Espocrm 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when an attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could inject the JavaScript inside the filename and send it to users, thus helping him steal victims' cookies (hence compromising their accounts).
CVE-2019-14546 1 Espocrm 1 Espocrm 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, which fires when the victim replies or forwards the mail, thus helping him steal victims' cookies (hence compromising their accounts).
CVE-2019-14518 1 Modx 1 Evolution Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel."
CVE-2019-14517 1 Editor.md Project 1 Editor.md 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
pandao Editor.md 1.5.0 allows XSS via the Javascript: string.
CVE-2019-14512 1 Limesurvey 1 Limesurvey 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php.
CVE-2019-14478 1 Adremsoft 1 Netcrunch 2024-11-21 3.5 LOW 5.4 MEDIUM
AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose "Display Name" contains an XSS payload.
CVE-2019-14472 1 Zurmo 1 Zurmo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO.
CVE-2019-14471 1 Testlink 1 Testlink 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
TestLink 1.9.19 has XSS via the error.php message parameter.
CVE-2019-14470 2 Instagram-php-api Project, Userproplugin 2 Instagram-php-api, User Pro 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.