Total
41073 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6159 | 1 Lenovo | 30 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs22v and 27 more | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected. | ||||
| CVE-2019-6146 | 1 Forcepoint | 1 Web Security | 2024-11-21 | 6.1 Medium |
| It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) | ||||
| CVE-2019-6142 | 1 Forcepoint | 2 Email Security, Security Manager | 2024-11-21 | 6.1 Medium |
| It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. | ||||
| CVE-2019-6117 | 1 Wpape | 1 Ape Gallery | 2024-11-21 | N/A |
| The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function. | ||||
| CVE-2019-6112 | 1 Graphpaperpress | 1 Sell Media | 2024-11-21 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). | ||||
| CVE-2019-6036 | 1 F-revocrm | 1 F-revocrm | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-6033 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-6031 | 1 Dayz | 1 Kinza | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader. | ||||
| CVE-2019-6029 | 1 Custom Body Class Project | 1 Custom Body Class | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-6018 | 1 Netcommons | 1 Netcommons | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-6016 | 1 Remise | 1 Payment Module | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-6011 | 1 Tms-outsource | 1 Wpdatatables Lite | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-6003 | 1 Ec-cube | 1 Amazon Pay | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-6002 | 1 Central Dogma Project | 1 Central Dogma | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-5989 | 1 Anglers-net | 1 Cgi An-anlyzer | 2024-11-21 | 6.1 Medium |
| DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page. | ||||
| CVE-2019-5988 | 1 Anglers-net | 1 Cgi An-anlyzer | 2024-11-21 | 6.1 Medium |
| Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page. | ||||
| CVE-2019-5985 | 2 Ntt-east, Ntt-west | 92 Pr-400ki, Pr-400ki Firmware, Pr-400mi and 89 more | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-5975 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.4 Medium |
| DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-5972 | 1 Sukimalab | 1 Online Lesson Booking | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-5970 | 1 Sukimalab | 1 Attendance Manager | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||