Total
36976 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15614 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. | |||||
CVE-2019-15607 | 1 Nodered | 1 Node-red | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc. | |||||
CVE-2019-15603 | 1 Seeftl Project | 1 Seeftl | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing. | |||||
CVE-2019-15602 | 1 Itwork | 1 Fileview | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves. | |||||
CVE-2019-15587 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | |||||
CVE-2019-15586 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | |||||
CVE-2019-15539 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page. | |||||
CVE-2019-15532 | 1 Gchq | 1 Cyberchef | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | |||||
CVE-2019-15510 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. | |||||
CVE-2019-15501 | 1 Lsoft | 1 Listserv | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | |||||
CVE-2019-15499 | 2 Apple, Hackmd | 2 Safari, Codimd | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. | |||||
CVE-2019-15492 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. | |||||
CVE-2019-15489 | 1 Laracom | 1 Laracom | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. | |||||
CVE-2019-15488 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. | |||||
CVE-2019-15487 | 1 Schoolexperience | 1 Department For Education School Experience | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
DfE School Experience before v16333-GA has XSS via a teacher training URL. | |||||
CVE-2019-15486 | 1 Django Js Reverse Project | 1 Django Js Reserve | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. | |||||
CVE-2019-15485 | 1 Boltcms | 1 Bolt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. | |||||
CVE-2019-15484 | 1 Boltcms | 1 Bolt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Bolt before 3.6.10 has XSS via an image's alt or title field. | |||||
CVE-2019-15483 | 1 Boltcms | 1 Bolt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. | |||||
CVE-2019-15482 | 1 Selectize-plugin-a11y Project | 1 Selectize-plugin-a11y | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
selectize-plugin-a11y before 1.1.0 has XSS via the msg field. |