Total
41010 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18209 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 6.1 Medium |
| templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer. | ||||
| CVE-2019-18207 | 1 Zucchetti | 1 Infobusiness | 2024-11-21 | 5.4 Medium |
| In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload will be triggered every time a user browses the reports page. | ||||
| CVE-2019-18205 | 1 Zucchetti | 1 Infobusiness | 2024-11-21 | 6.1 Medium |
| Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base64). This also applies to the search functionality for the searchKey parameter. | ||||
| CVE-2019-18203 | 1 Ricoh | 2 Mp 501, Mp 501 Firmware | 2024-11-21 | 6.1 Medium |
| On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
| CVE-2019-17674 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.4 Medium |
| WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer. | ||||
| CVE-2019-17672 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. | ||||
| CVE-2019-17663 | 2 D-link, Dlink | 2 Dir-866l Firmware, Dir-866l | 2024-11-21 | 6.1 Medium |
| D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection. | ||||
| CVE-2019-17660 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO. | ||||
| CVE-2019-17651 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 5.4 Medium |
| An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | ||||
| CVE-2019-17634 | 1 Eclipse | 1 Memory Analyzer | 2024-11-21 | 9.0 Critical |
| Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer. | ||||
| CVE-2019-17632 | 1 Eclipse | 1 Jetty | 2024-11-21 | 6.1 Medium |
| In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output. | ||||
| CVE-2019-17630 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.8 Medium |
| CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. | ||||
| CVE-2019-17629 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.8 Medium |
| CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. | ||||
| CVE-2019-17625 | 1 Rambox | 1 Rambox | 2024-11-21 | 9.0 Critical |
| There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element. | ||||
| CVE-2019-17611 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.1 Medium |
| HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. | ||||
| CVE-2019-17610 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.1 Medium |
| HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. | ||||
| CVE-2019-17609 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.1 Medium |
| HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. | ||||
| CVE-2019-17608 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.1 Medium |
| HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. | ||||
| CVE-2019-17607 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.1 Medium |
| HongCMS 3.0.0 has XSS via the install/index.php servername parameter. | ||||
| CVE-2019-17606 | 1 Hexo-admin Project | 1 Hexo-admin | 2024-11-21 | 6.1 Medium |
| The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post. | ||||