Total
37644 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9646 | 1 Codepeople | 1 Contact Form Email | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." | |||||
| CVE-2019-9644 | 1 Jupyter | 1 Notebook | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered. | |||||
| CVE-2019-9606 | 1 Personal Video Collection Script Project | 1 Personal Video Collection Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature. | |||||
| CVE-2019-9605 | 1 Online Lottery Php Readymade Script Project | 1 Online Lottery Php Readymade Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. | |||||
| CVE-2019-9595 | 1 Appcms | 1 Appcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter. | |||||
| CVE-2019-9593 | 1 Mitel | 1 Connect Onsite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2019-9592 | 1 Mitel | 1 Connect Onsite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2019-9591 | 1 Mitel | 1 Connect Onsite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter. | |||||
| CVE-2019-9580 | 1 Stackstorm | 1 Stackstorm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS. | |||||
| CVE-2019-9576 | 1 Adenion | 1 Blog2social | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS. | |||||
| CVE-2019-9575 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS. | |||||
| CVE-2019-9570 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. | |||||
| CVE-2019-9567 | 1 Incsub | 1 Forminator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | |||||
| CVE-2019-9558 | 1 Mailtraq | 1 Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | |||||
| CVE-2019-9557 | 1 Codecrafters | 1 Ability Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | |||||
| CVE-2019-9556 | 1 Fiberhomegroup | 2 An5506-04-f, An5506-04-f Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| FiberHome an5506-04-f RP2669 devices have XSS. | |||||
| CVE-2019-9554 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI. | |||||
| CVE-2019-9553 | 1 Boltcms | 1 Bolt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. | |||||
| CVE-2019-9551 | 1 Wdoyo | 1 Doyocms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS. | |||||
| CVE-2019-9550 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. | |||||