Total
36869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13463 | 1 Quantumcloud | 1 Simple Link Directory | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement. | |||||
| CVE-2019-13448 | 1 Sertek | 1 Xpare | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients. | |||||
| CVE-2019-13414 | 1 Boiteasite | 1 Rencontre | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. | |||||
| CVE-2019-13407 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. | |||||
| CVE-2019-13397 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket. | |||||
| CVE-2019-13392 | 1 Mindpalette | 1 Natemail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid. | |||||
| CVE-2019-13389 | 1 Rainloop | 1 Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. | |||||
| CVE-2019-13387 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website. | |||||
| CVE-2019-13380 | 1 Keynto | 1 Team Password Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault. | |||||
| CVE-2019-13376 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS | |||||
| CVE-2019-13374 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter. | |||||
| CVE-2019-13364 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. | |||||
| CVE-2019-13363 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. | |||||
| CVE-2019-13346 | 1 Myt Project | 1 Myt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MyT 1.5.1, the User[username] parameter has XSS. | |||||
| CVE-2019-13345 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. | |||||
| CVE-2019-13341 | 1 1234n | 1 Minicms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie. | |||||
| CVE-2019-13340 | 1 1234n | 1 Minicms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186. | |||||
| CVE-2019-13339 | 1 1234n | 1 Minicms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to get a user's cookie. | |||||
| CVE-2019-13274 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. | |||||
| CVE-2019-13239 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. | |||||