Total
40868 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12748 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.1 Medium |
| TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. | ||||
| CVE-2019-12745 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A |
| out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field. | ||||
| CVE-2019-12741 | 1 Fhir | 1 Hapi Fhir | 2024-11-21 | N/A |
| XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.) | ||||
| CVE-2019-12732 | 1 Chartkick Project | 1 Chartkick | 2024-11-21 | N/A |
| The Chartkick gem through 3.1.0 for Ruby allows XSS. | ||||
| CVE-2019-12724 | 1 Teclib-edition | 1 News | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter. | ||||
| CVE-2019-12597 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via ResourcesAttachments.jsp with the parameter pageName. | ||||
| CVE-2019-12596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType. | ||||
| CVE-2019-12595 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter. | ||||
| CVE-2019-12592 | 1 Evernote | 1 Web Clipper | 2024-11-21 | N/A |
| A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame. | ||||
| CVE-2019-12584 | 2 Apcupsd, Netgate | 2 Apcupsd, Pfsense | 2024-11-21 | N/A |
| Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. | ||||
| CVE-2019-12581 | 1 Zyxel | 18 Uag2100, Uag2100 Firmware, Uag4100 and 15 more | 2024-11-21 | N/A |
| A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the err_msg parameter. | ||||
| CVE-2019-12566 | 1 Veronalabs | 1 Wp Statistics | 2024-11-21 | N/A |
| The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user. | ||||
| CVE-2019-12562 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 6.1 Medium |
| Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. | ||||
| CVE-2019-12543 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter. | ||||
| CVE-2019-12542 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter. | ||||
| CVE-2019-12541 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter. | ||||
| CVE-2019-12540 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field. | ||||
| CVE-2019-12539 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189. | ||||
| CVE-2019-12538 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field. | ||||
| CVE-2019-12537 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field. | ||||