Total
36851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12190 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter. | |||||
| CVE-2019-12189 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field. | |||||
| CVE-2019-12186 | 1 Sylius | 2 Grid, Sylius | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the "string" field type. The contents are an object, with malicious code returned by the __toString() method of that object. | |||||
| CVE-2019-12184 | 1 Boostio | 1 Boostnote | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136. | |||||
| CVE-2019-12167 | 1 Emerson | 2 Liebert Challenger, Liebert Challenger Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter. | |||||
| CVE-2019-12139 | 1 Ez | 2 Ezplatform-admin-ui, Ezplatform-page-builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4. | |||||
| CVE-2019-12136 | 1 Boostio | 1 Boostnote | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element. | |||||
| CVE-2019-12095 | 1 Horde | 1 Groupware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload. | |||||
| CVE-2019-12094 | 1 Horde | 1 Groupware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI. | |||||
| CVE-2019-12047 | 1 Gridea | 1 Gridea | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "<img src=# onerror='eval(new Buffer(" substring. | |||||
| CVE-2019-12043 | 1 Remarkable Project | 1 Remarkable | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL. | |||||
| CVE-2019-11999 | 1 Hpe | 1 Opencall Media Platform | 2024-11-21 | 4.9 MEDIUM | 6.9 MEDIUM |
| Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates. | |||||
| CVE-2019-11997 | 1 Hp | 1 Enhanced Internet Usage Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support. | |||||
| CVE-2019-11992 | 1 Hp | 1 Oneview For Vmware Vcenter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting. | |||||
| CVE-2019-11982 | 1 Hp | 39 Integrated Lights-out 4 Firmware, Integrated Lights-out 5 Firmware, Proliant Bl460c Gen10 and 36 more | 2024-11-21 | 7.6 HIGH | 8.3 HIGH |
| A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. | |||||
| CVE-2019-11928 | 1 Whatsapp | 1 Whatsapp Desktop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message. | |||||
| CVE-2019-11877 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID. | |||||
| CVE-2019-11876 | 2 Drupal, Prestashop | 2 Drupal, Prestashop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link. | |||||
| CVE-2019-11871 | 1 Custom Field Suite Project | 1 Custom Field Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins. | |||||
| CVE-2019-11870 | 1 S9y | 1 Serendipity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. | |||||