Total
36869 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-12964 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. | |||||
CVE-2019-12963 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. | |||||
CVE-2019-12962 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. | |||||
CVE-2019-12954 | 1 Solarwinds | 2 Network Performance Monitor Orion Platform 2018 Netpath, Network Performance Monitor Orion Platform 2018 Npm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. | |||||
CVE-2019-12950 | 1 Teampass | 1 Teampass | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload. | |||||
CVE-2019-12949 | 1 Netgate | 1 Pfsense | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. Then, the remote attacker can run any command with root privileges on that server. | |||||
CVE-2019-12935 | 1 Shopware | 1 Shopware | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI. | |||||
CVE-2019-12934 | 1 Wp-code-highlightjs Project | 1 Wp-code-highlightjs | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter. | |||||
CVE-2019-12932 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. | |||||
CVE-2019-12930 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter. | |||||
CVE-2019-12927 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability. | |||||
CVE-2019-12917 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. | |||||
CVE-2019-12905 | 1 Afian | 1 Filerun | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2019-12863 | 1 Solarwinds | 3 Netpath, Network Performance Monitor, Orion Platform | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | |||||
CVE-2019-12842 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. | |||||
CVE-2019-12834 | 1 Ht2labs | 1 Learning Locker | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI. | |||||
CVE-2019-12830 | 1 Mybb | 1 Mybb | 2024-11-21 | 3.5 LOW | 8.7 HIGH |
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue. | |||||
CVE-2019-12823 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Craft CMS before 3.1.31 does not properly filter XML feeds, and thus allows XSS. | |||||
CVE-2019-12801 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name. | |||||
CVE-2019-12774 | 1 Enttec | 8 Datagate Mk2, Datagate Mk2 Firmware, E-streamer Mk2 and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description field in JSON data to the Profile Editor. |