Total
41088 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7868 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules. | ||||
| CVE-2019-7867 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status. | ||||
| CVE-2019-7866 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor. | ||||
| CVE-2019-7863 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories. | ||||
| CVE-2019-7862 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | ||||
| CVE-2019-7853 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel. | ||||
| CVE-2019-7753 | 1 Verydows | 1 Verydows | 2024-11-21 | N/A |
| Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter. | ||||
| CVE-2019-7748 | 1 Dbninja | 1 Dbninja | 2024-11-21 | N/A |
| _includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. | ||||
| CVE-2019-7744 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | ||||
| CVE-2019-7742 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. | ||||
| CVE-2019-7741 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS. | ||||
| CVE-2019-7740 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | ||||
| CVE-2019-7693 | 1 Axiositalia | 1 Registro Elettronico | 2024-11-21 | N/A |
| Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation. | ||||
| CVE-2019-7687 | 1 Jio | 2 Jmr1140, Jmr1140 Firmware | 2024-11-21 | N/A |
| cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data. | ||||
| CVE-2019-7677 | 1 Enphase | 1 Envoy | 2024-11-21 | N/A |
| XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | ||||
| CVE-2019-7671 | 1 Primasystems | 1 Flexair | 2024-11-21 | 9.0 Critical |
| Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site. | ||||
| CVE-2019-7661 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability. | ||||
| CVE-2019-7660 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php. | ||||
| CVE-2019-7655 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 5.4 Medium |
| Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5. | ||||
| CVE-2019-7646 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | ||||