Total: 36869 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-13236 | 1 Alkacon | 1 Opencms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface. |
CVE-2019-13235 | 1 Alkacon | 1 Opencms Apollo Template | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form. |
CVE-2019-13234 | 1 Alkacon | 1 Opencms Apollo Template | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine. |
CVE-2019-13209 | 1 Suse | 1 Rancher | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim. |
CVE-2019-13200 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. |
CVE-2019-13198 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. |
CVE-2019-13189 | 1 Eng | 1 Knowage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. |
CVE-2019-13186 | 1 1234n | 1 Minicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520. |
CVE-2019-13182 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. |
CVE-2019-13167 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. |
CVE-2019-13127 | 2 Draw, Jgraph | 2 Draw.io Diagrams, Mxgraph | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js. |
CVE-2019-13122 | 1 Ozlabs | 1 Patchwork | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix. |
CVE-2019-13081 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser. |
CVE-2019-13080 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser. |
CVE-2019-13077 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users. |
CVE-2019-13072 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. |
CVE-2019-13070 | 1 Cyberpowersystems | 1 Powerpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the embedded code will be executed in the browser of the victim. |
CVE-2019-13068 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM | public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). |
CVE-2019-13066 | 1 Sahipro | 1 Sahi Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS. |
CVE-2019-12970 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element. |