Total: 36829 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1020008 | 1 Stacktable.js Project | 1 Stacktable.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
stacktable.js before 1.0.4 allows XSS. | |||||
CVE-2019-1020007 | 1 Owasp | 1 Dependency-track | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Dependency-Track before 3.5.1 allows XSS. | |||||
CVE-2019-1020005 | 1 Inveniosoftware | 1 Invenio-communities | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
invenio-communities before 1.0.0a20 allows XSS. | |||||
CVE-2019-1020003 | 1 Inveniosoftware | 1 Invenio-records | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
invenio-records before 1.2.2 allows XSS. | |||||
CVE-2019-1010314 | 1 Gitea | 1 Gitea | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page. | |||||
CVE-2019-1010307 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing JS on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User creates a ticket, 2- Admin opens another ticket and clicks on the "Link Tickets" feature, 3- a request to the endpoint fetches JS and executes it. | |||||
CVE-2019-1010287 | 1 Timesheet Next Gen Project | 1 Timesheet Next Gen | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url. | |||||
CVE-2019-1010261 | 1 Gitea | 1 Gitea | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later. | |||||
CVE-2019-1010247 | 1 Openidc | 1 Mod Auth Openidc | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2. | |||||
CVE-2019-1010237 | 1 Ilias | 1 Ilias | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12. | |||||
CVE-2019-1010235 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets. | |||||
CVE-2019-1010207 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16. | |||||
CVE-2019-1010199 | 1 Servicestack | 1 Servicestack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScript is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and if browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0. | |||||
CVE-2019-1010193 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS). | |||||
CVE-2019-1010147 | 2 Bmc, Yellowfinbi | 2 Remedy Smart Reporting, Yellowfin Bi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later. | |||||
CVE-2019-1010124 | 1 Webappick | 1 Woocommerce Product Feed | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in. | |||||
CVE-2019-1010113 | 1 Premiumsoftware | 1 Cleditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element. | |||||
CVE-2019-1010091 | 1 Tiny | 1 Tinymce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab. | |||||
CVE-2019-1010028 | 1 School College Portal With Erp Script Project | 1 School College Portal With Erp Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is: <img src=x onerror=alert(document.domain) />. | |||||
CVE-2019-1010018 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute JavaScript code in the user's browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3. |