Vulnerabilities (CVE)

Filtered by CWE-79
Total 36976 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-15614 1 Nextcloud 1 Nextcloud 2024-11-21 3.5 LOW 5.4 MEDIUM
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.
CVE-2019-15607 1 Nodered 1 Node-red 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc.
CVE-2019-15603 1 Seeftl Project 1 Seeftl 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing.
CVE-2019-15602 1 Itwork 1 Fileview 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves.
CVE-2019-15587 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 3.5 LOW 5.4 MEDIUM
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
CVE-2019-15586 1 Gitlab 1 Gitlab 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
CVE-2019-15539 1 Mantisbt 1 Mantisbt 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page.
CVE-2019-15532 1 Gchq 1 Cyberchef 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.
CVE-2019-15510 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role.
CVE-2019-15501 1 Lsoft 1 Listserv 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
CVE-2019-15499 2 Apple, Hackmd 2 Safari, Codimd 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.
CVE-2019-15492 1 It-novum 1 Openitcockpit 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.
CVE-2019-15489 1 Laracom 1 Laracom 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS.
CVE-2019-15488 1 Igniterealtime 1 Openfire 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
CVE-2019-15487 1 Schoolexperience 1 Department For Education School Experience 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
DfE School Experience before v16333-GA has XSS via a teacher training URL.
CVE-2019-15486 1 Django Js Reverse Project 1 Django Js Reserve 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline.
CVE-2019-15485 1 Boltcms 1 Bolt 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.
CVE-2019-15484 1 Boltcms 1 Bolt 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Bolt before 3.6.10 has XSS via an image's alt or title field.
CVE-2019-15483 1 Boltcms 1 Bolt 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.
CVE-2019-15482 1 Selectize-plugin-a11y Project 1 Selectize-plugin-a11y 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
selectize-plugin-a11y before 1.1.0 has XSS via the msg field.