Total: 37273 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-20520 | 1 Frappe | 1 Erpnext | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI. | |||||
CVE-2019-20519 | 1 Frappe | 1 Erpnext | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. | |||||
CVE-2019-20518 | 1 Frappe | 1 Erpnext | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. | |||||
CVE-2019-20517 | 1 Frappe | 1 Erpnext | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. | |||||
CVE-2019-20516 | 1 Frappe | 1 Erpnext | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI. | |||||
CVE-2019-20515 | 1 Frappe | 1 Erpnext | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI. | |||||
CVE-2019-20514 | 1 Frappe | 1 Erpnext | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI. | |||||
CVE-2019-20513 | 1 Edx | 1 Open Edx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Open edX Ironwood.1 allows support/certificates?user= reflected XSS. | |||||
CVE-2019-20512 | 1 Open.edx | 1 Ironwood | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS. | |||||
CVE-2019-20511 | 1 Frappe | 1 Erpnext | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ERPNext 11.1.47 allows blog?blog_category= Frame Injection. | |||||
CVE-2019-20497 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533). | |||||
CVE-2019-20493 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520). | |||||
CVE-2019-20486 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language. | |||||
CVE-2019-20483 | 1 Vikisolutions | 1 Vera | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS payload, read another user's cookie, and use that to log in to the application. | |||||
CVE-2019-20443 | 1 Wso2 | 3 Api Manager, Enterprise Integrator, Identity Server | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI. | |||||
CVE-2019-20442 | 1 Wso2 | 3 Api Manager, Enterprise Integrator, Identity Server | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI. | |||||
CVE-2019-20441 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher. | |||||
CVE-2019-20440 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher. | |||||
CVE-2019-20439 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of the API Publisher. | |||||
CVE-2019-20438 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher. |