Total
36851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12386 | 1 Ampache | 1 Ampache | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker. | |||||
| CVE-2019-12370 | 1 Readdle | 1 Spark | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | |||||
| CVE-2019-12369 | 1 Typeapp | 1 Typeapp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | |||||
| CVE-2019-12368 | 1 Edison | 1 Edison Mail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | |||||
| CVE-2019-12367 | 1 Blixhq | 1 Bluemail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | |||||
| CVE-2019-12366 | 1 9folders | 1 Nine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | |||||
| CVE-2019-12365 | 1 Cloudmagic | 1 Newton | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | |||||
| CVE-2019-12362 | 1 Phome | 1 Empirecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. | |||||
| CVE-2019-12361 | 1 Phome | 1 Empirecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page. | |||||
| CVE-2019-12347 | 1 Netgate | 1 Pfsense | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors. | |||||
| CVE-2019-12346 | 1 Miniorange | 1 Saml Sp Single Sign On | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post. | |||||
| CVE-2019-12345 | 1 Kibokolabs | 1 Hostel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. | |||||
| CVE-2019-12315 | 1 Samsung | 2 Scx-824, Scx-824 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the "print from file" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter. | |||||
| CVE-2019-12313 | 1 Dollarshaveclub | 1 Shave | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element. | |||||
| CVE-2019-12311 | 1 Sandline | 1 Centraleyezer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS. An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded. | |||||
| CVE-2019-12308 | 1 Djangoproject | 1 Django | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link. | |||||
| CVE-2019-12299 | 1 Sandline | 1 Centraleyezer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in the name field of the Category section. | |||||
| CVE-2019-12250 | 1 Identityserver | 1 Identityserver4 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not part of IdentityServer but only our development test host | |||||
| CVE-2019-12205 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. | |||||
| CVE-2019-12195 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. | |||||