Total
41088 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8334 | 1 Schoolcms | 1 Schoolcms | 2024-11-21 | N/A |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS]. | ||||
| CVE-2019-8331 | 4 F5, Getbootstrap, Redhat and 1 more | 22 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 19 more | 2024-11-21 | 6.1 Medium |
| In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | ||||
| CVE-2019-8290 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 6.1 Medium |
| Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected. | ||||
| CVE-2019-8289 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 5.4 Medium |
| Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable | ||||
| CVE-2019-8288 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 5.4 Medium |
| Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized. | ||||
| CVE-2019-8279 | 1 Vanillaforums | 1 Vanilla Forums | 2024-11-21 | N/A |
| Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum. | ||||
| CVE-2019-8278 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | N/A |
| Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. | ||||
| CVE-2019-8233 | 1 Magento | 1 Magento | 2024-11-21 | 6.1 Medium |
| In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments. | ||||
| CVE-2019-8228 | 1 Magento | 1 Magento | 2024-11-21 | 4.8 Medium |
| in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template. | ||||
| CVE-2019-8227 | 1 Magento | 1 Magento | 2024-11-21 | 4.8 Medium |
| In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. | ||||
| CVE-2019-8160 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | 6.1 Medium |
| Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2019-8157 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an invocation of error handling that acceses user input without sanitization. | ||||
| CVE-2019-8153 | 1 Magento | 1 Magento | 2024-11-21 | 6.1 Medium |
| A mitigation bypass to prevent cross-site scripting (XSS) exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Successful exploitation of this vulnerability would result in an attacker being able to bypass the `escapeURL()` function and execute a malicious XSS payload. | ||||
| CVE-2019-8152 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective() function and inject malicious javascript in the cache of the admin dashboard. | ||||
| CVE-2019-8148 | 1 Magento | 1 Magento | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via page builder. | ||||
| CVE-2019-8147 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via customer attribute label. | ||||
| CVE-2019-8146 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores. | ||||
| CVE-2019-8145 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products. | ||||
| CVE-2019-8142 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title of an order when configuring sales payment methods for a store. | ||||
| CVE-2019-8139 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking page builder on a product. | ||||