Total
36974 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15479 | 1 Status Board Project | 1 Status Board | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Status Board 1.1.81 has reflected XSS via dashboard.ts. | |||||
| CVE-2019-15478 | 1 Status Board Project | 1 Status Board | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Status Board 1.1.81 has reflected XSS via logic.ts. | |||||
| CVE-2019-15477 | 1 Jooby | 1 Jooby | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jooby before 1.6.4 has XSS via the default error handler. | |||||
| CVE-2019-15476 | 1 Former Project | 1 Former | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Former before 4.2.1 has XSS via a checkbox value. | |||||
| CVE-2019-15331 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. | |||||
| CVE-2019-15328 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. | |||||
| CVE-2019-15327 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. | |||||
| CVE-2019-15317 | 1 Givewp | 1 Givewp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The give plugin before 2.4.7 for WordPress has XSS via a donor name. | |||||
| CVE-2019-15314 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. | |||||
| CVE-2019-15313 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. | |||||
| CVE-2019-15281 | 1 Cisco | 1 Identity Services Engine Software | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2019-15278 | 1 Cisco | 2 Finesse, Unified Contact Center Express | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. | |||||
| CVE-2019-15270 | 1 Cisco | 12 Firepower Management Center, Firepower Management Center 1000, Firepower Management Center 1600 and 9 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2019-15269 | 1 Cisco | 68 Amp 7150, Amp 7150 Firmware, Amp 8150 and 65 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2019-15268 | 1 Cisco | 68 Amp 7150, Amp 7150 Firmware, Amp 8150 and 65 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2019-15253 | 1 Cisco | 1 Dna Center | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4. | |||||
| CVE-2019-15233 | 1 Oldstreetsolutions | 1 Live Input Macros | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie. | |||||
| CVE-2019-15230 | 1 Librenms | 1 Librenms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account. | |||||
| CVE-2019-15228 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors. | |||||
| CVE-2019-15227 | 1 Getflightpath | 1 Flightpath | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other malicious actions. | |||||