Total
41044 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18982 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.1 Medium |
| bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. | ||||
| CVE-2019-18957 | 1 Microstrategy | 1 Microstrategy Library | 2024-11-21 | 6.1 Medium |
| Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. | ||||
| CVE-2019-18955 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | 6.1 Medium |
| The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019. | ||||
| CVE-2019-18944 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 4.9 Medium |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | ||||
| CVE-2019-18942 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.5 Medium |
| Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding. | ||||
| CVE-2019-18926 | 1 Systematicinc | 1 Iris Standards Management | 2024-11-21 | 6.1 Medium |
| Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application. | ||||
| CVE-2019-18923 | 1 Go-camo Project | 1 Go-camo | 2024-11-21 | 6.1 Medium |
| Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. | ||||
| CVE-2019-18914 | 1 Hp | 755 Digital Sender Flow 8500 Fn2 Document Capture Workstation L2762a, Futuresmart 3, Futuresmart 4 and 752 more | 2024-11-21 | 6.1 Medium |
| A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link. | ||||
| CVE-2019-18893 | 3 Avast, Avg, Video Downloader Project | 3 Secure Browser, Secure Browser, Video Downloader | 2024-11-21 | 6.1 Medium |
| XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways. | ||||
| CVE-2019-18883 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 6.1 Medium |
| XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | ||||
| CVE-2019-18882 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 6.1 Medium |
| WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | ||||
| CVE-2019-18881 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 6.1 Medium |
| WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | ||||
| CVE-2019-18873 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 9.0 Critical |
| FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php. | ||||
| CVE-2019-18859 | 1 Digi | 2 Anywhereusb\/14, Anywhereusb\/14 Firmware | 2024-11-21 | 6.1 Medium |
| Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | ||||
| CVE-2019-18857 | 1 Svg-sanitizer Project | 1 Svg-sanitizer | 2024-11-21 | 7.5 High |
| darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. | ||||
| CVE-2019-18842 | 1 Usriot | 8 Usr-wifi232-g2, Usr-wifi232-g2 Firmware, Usr-wifi232-h and 5 more | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID. | ||||
| CVE-2019-18839 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 9.0 Critical |
| FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | ||||
| CVE-2019-18834 | 1 Woocommerce | 1 Subscriptions | 2024-11-21 | 6.1 Medium |
| Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php. | ||||
| CVE-2019-18816 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 6.1 Medium |
| po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. | ||||
| CVE-2019-18793 | 1 Parallels | 1 Parallels Plesk Panel | 2024-11-21 | 6.1 Medium |
| Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | ||||