Total
41076 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7411 | 1 Mythemeshop | 1 Launcher | 2024-11-21 | N/A |
| Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: (1) Title, (2) Favicon, (3) Meta Description, (4) Subscribe Form (Name field label, Last name field label, Email field label), (5) Contact Form (Name field label and Email field label), and (6) Social Links (Facebook Page URL, Twitter Page URL, Instagram Page URL, YouTube Page URL, Linkedin Page URL, Google+ Page URL, RSS URL). | ||||
| CVE-2019-7410 | 1 Galileo Cms Project | 1 Galileo Cms | 2024-11-21 | 6.1 Medium |
| There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). | ||||
| CVE-2019-7409 | 1 Vegadesign | 1 Profiledesign Cms | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign CMS v6.0.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page, (2) gbs, (3) side, (4) id, (5) imgid, (6) cat, or (7) orderby parameter. | ||||
| CVE-2019-7402 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF. | ||||
| CVE-2019-7400 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 6.1 Medium |
| Rukovoditel before 2.4.1 allows XSS. | ||||
| CVE-2019-7356 | 1 Intelliants | 1 Subrion | 2024-11-21 | 5.4 Medium |
| Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. | ||||
| CVE-2019-7352 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code. | ||||
| CVE-2019-7349 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | ||||
| CVE-2019-7348 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted. | ||||
| CVE-2019-7345 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php. | ||||
| CVE-2019-7344 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration. | ||||
| CVE-2019-7343 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | ||||
| CVE-2019-7342 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted. | ||||
| CVE-2019-7341 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted. | ||||
| CVE-2019-7340 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted. | ||||
| CVE-2019-7339 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted. | ||||
| CVE-2019-7338 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration. | ||||
| CVE-2019-7337 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. | ||||
| CVE-2019-7336 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. | ||||
| CVE-2019-7335 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value. | ||||