Total
36968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13948 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element. | |||||
| CVE-2019-13943 | 1 Siemens | 6 En100 Ethernet Module, En100 Ethernet Module With Firmware Variant Dnp3 Tcp, En100 Ethernet Module With Firmware Variant Iec104 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known. | |||||
| CVE-2019-13936 | 1 Siemens | 1 Polarion | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2. | |||||
| CVE-2019-13935 | 1 Siemens | 1 Polarion | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2. | |||||
| CVE-2019-13934 | 1 Siemens | 1 Polarion | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2. | |||||
| CVE-2019-13931 | 1 Siemens | 1 Xhq | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-13923 | 1 Siemens | 2 Ie\/wsn-pa Link Wirelesshart Gateway, Ie\/wsn-pa Link Wirelesshart Gateway Firmware | 2024-11-21 | 4.3 MEDIUM | 9.6 CRITICAL |
| A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. | |||||
| CVE-2019-13741 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. | |||||
| CVE-2019-13647 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability | |||||
| CVE-2019-13646 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability | |||||
| CVE-2019-13645 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability | |||||
| CVE-2019-13644 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability | |||||
| CVE-2019-13643 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the Notifications page. | |||||
| CVE-2019-13633 | 1 Blinger | 1 Blinger | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed. | |||||
| CVE-2019-13607 | 1 Opera | 1 Mini | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL. | |||||
| CVE-2019-13588 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter. | |||||
| CVE-2019-13564 | 1 Pingidentity | 1 Agentless Integration Kit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Ping Identity Agentless Integration Kit before 1.5. | |||||
| CVE-2019-13562 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. | |||||
| CVE-2019-13538 | 1 Codesys | 1 Codesys | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
| 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. | |||||
| CVE-2019-13506 | 1 Nuxtjs | 2 \@nuxt\/devalue, Nuxt.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| @nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. | |||||