Total
36968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14517 | 1 Editor.md Project | 1 Editor.md | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| pandao Editor.md 1.5.0 allows XSS via the Javascript: string. | |||||
| CVE-2019-14512 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php. | |||||
| CVE-2019-14478 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose "Display Name" contains an XSS payload. | |||||
| CVE-2019-14472 | 1 Zurmo | 1 Zurmo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. | |||||
| CVE-2019-14471 | 1 Testlink | 1 Testlink | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TestLink 1.9.19 has XSS via the error.php message parameter. | |||||
| CVE-2019-14470 | 2 Instagram-php-api Project, Userproplugin | 2 Instagram-php-api, User Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. | |||||
| CVE-2019-14469 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. | |||||
| CVE-2019-14456 | 1 Opengear | 1 Opengear | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server. | |||||
| CVE-2019-14449 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product. | |||||
| CVE-2019-14427 | 1 Webstudio | 1 Ultimate Loan Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code. | |||||
| CVE-2019-14415 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to. | |||||
| CVE-2019-14406 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | |||||
| CVE-2019-14390 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | |||||
| CVE-2019-14387 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | |||||
| CVE-2019-14386 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | |||||
| CVE-2019-14364 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter. | |||||
| CVE-2019-14350 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation. | |||||
| CVE-2019-14349 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user opens a page of any profile with this. | |||||
| CVE-2019-14344 | 1 Vocabularyserver | 1 Tematres | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI. | |||||
| CVE-2019-14343 | 1 Vocabularyserver | 1 Tematres | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI. | |||||