Total: 36961 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-11464 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable; however, some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoints, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2. They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092).
CVE-2019-11454 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
CVE-2019-11449 | 1 I-librarian | 1 I, Librarian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | I, Librarian 4.10 has XSS via the notes.php notes parameter.
CVE-2019-11429 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions" > "Add DNS Zone" screen.
CVE-2019-11428 | 1 I-librarian | 1 I, Librarian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | I, Librarian 4.10 has XSS via the export.php export_files parameter.
CVE-2019-11427 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.
CVE-2019-11426 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
CVE-2019-11408 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX.
CVE-2019-11406 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
CVE-2019-11398 | 1 Ulicms | 1 Ulicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.
CVE-2019-11370 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
CVE-2019-11368 | 1 Auo | 1 Solar Data Recorder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.
CVE-2019-11359 | 1 I-librarian | 1 I, Librarian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.
CVE-2019-11345 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.
CVE-2019-11318 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS.
CVE-2019-11281 | 4 Debian, Fedoraproject, Pivotal Software and 1 more | 5 Debian Linux, Fedora, Rabbitmq and 2 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross-site scripting attack that would gain access to virtual hosts and policy management information.
CVE-2019-11274 | 1 Cloudfoundry | 1 User Account And Authentication | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.
CVE-2019-11226 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
CVE-2019-11215 | 1 Combodo | 1 Itop | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH | In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI.
CVE-2019-11212 | 1 Tibco | 1 Master Data Management | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM | The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0.