Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19386 | 1 Solarwinds | 1 Database Performance Analyzer | 2019-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. | |||||
| CVE-2016-6858 | 1 Sap | 1 Hybris | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field. | |||||
| CVE-2019-11013 | 1 Softvelum | 1 Nimble Streamer | 2019-08-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server. | |||||
| CVE-2019-11585 | 1 Atlassian | 1 Jira | 2019-08-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | |||||
| CVE-2019-11587 | 1 Atlassian | 1 Jira | 2019-08-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). | |||||
| CVE-2019-11586 | 1 Atlassian | 1 Jira | 2019-08-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2019-11588 | 1 Atlassian | 1 Jira | 2019-08-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2019-3967 | 1 Open-emr | 1 Openemr | 2019-08-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system. | |||||
| CVE-2019-14221 | 1 1crm | 1 1crm On-premise | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| 1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation. | |||||
| CVE-2019-15520 | 1 Comelz | 1 Quark | 2019-08-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. | |||||
| CVE-2019-11140 | 1 Intel | 8 Compute Card Cd1iv128mk, Compute Card Firmware, Compute Stick Firmware and 5 more | 2019-08-27 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-15518 | 1 Swoole | 1 Swoole | 2019-08-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. | |||||
| CVE-2019-13476 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. | |||||
| CVE-2018-20986 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. | |||||
| CVE-2014-10377 | 1 Cformsii Project | 1 Cformsii | 2019-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. | |||||
| CVE-2019-15488 | 1 Igniterealtime | 1 Openfire | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. | |||||
| CVE-2019-14430 | 1 Youphptube | 1 Youphptube | 2019-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. | |||||
| CVE-2019-15476 | 1 Former Project | 1 Former | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Former before 4.2.1 has XSS via a checkbox value. | |||||
| CVE-2019-15482 | 1 Selectize-plugin-a11y Project | 1 Selectize-plugin-a11y | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| selectize-plugin-a11y before 1.1.0 has XSS via the msg field. | |||||
| CVE-2019-3966 | 1 Open-emr | 1 Openemr | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | |||||
| CVE-2019-11584 | 1 Atlassian | 1 Jira | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority. | |||||
| CVE-2018-12101 | 1 Clippercms | 1 Clippercms | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. | |||||
| CVE-2019-14427 | 1 Webstudio | 1 Ultimate Loan Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code. | |||||
| CVE-2019-15487 | 1 Schoolexperience | 1 Department For Education School Experience | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| DfE School Experience before v16333-GA has XSS via a teacher training URL. | |||||
| CVE-2019-15492 | 1 It-novum | 1 Openitcockpit | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. | |||||
| CVE-2019-15489 | 1 Laracom | 1 Laracom | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. | |||||
| CVE-2019-15481 | 1 Kimai | 1 Kimai 2 | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kimai v2 before 1.1 has XSS via a timesheet description. | |||||
| CVE-2019-15477 | 1 Jooby | 1 Jooby | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jooby before 1.6.4 has XSS via the default error handler. | |||||
| CVE-2019-2135 | 1 Google | 1 Android | 2019-08-26 | 7.1 HIGH | 5.5 MEDIUM |
| In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-125900276. | |||||
| CVE-2019-15486 | 1 Django Js Reverse Project | 1 Django Js Reverse | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. | |||||
| CVE-2019-15480 | 1 Domoticz | 1 Domoticz | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| Domoticz 4.10717 has XSS via item.Name. | |||||
| CVE-2014-10385 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. | |||||
| CVE-2013-7482 | 1 Reflex Gallery Project | 1 Reflex Gallery | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | |||||
| CVE-2019-15317 | 1 Impress | 1 Givewp | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| The give plugin before 2.4.7 for WordPress has XSS via a donor name. | |||||
| CVE-2019-15095 | 1 Diaowen | 1 Dwsurvey | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. | |||||
| CVE-2016-6154 | 2 Microsoft, Watchguard | 2 Windows, Fireware | 2019-08-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | |||||
| CVE-2019-15532 | 1 Gchq | 1 Cyberchef | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | |||||
| CVE-2017-18575 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues. | |||||
| CVE-2017-18574 | 1 Ninjaforms | 1 Ninja Forms | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | |||||
| CVE-2017-18572 | 1 Sir | 1 Gnucommerce | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gnucommerce plugin before 1.4.2 for WordPress has XSS. | |||||
| CVE-2019-15478 | 1 Status Board Project | 1 Status Board | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Status Board 1.1.81 has reflected XSS via logic.ts. | |||||
| CVE-2016-10920 | 1 Sir | 1 Gnucommerce | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | |||||
| CVE-2016-10919 | 1 Wassup Real Time Analytics Project | 1 Wassup Real Time Analytics | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. | |||||
| CVE-2018-20983 | 1 Meowapps | 1 Wp Retina 2x | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | |||||
| CVE-2017-18582 | 1 Time Sheets Project | 1 Time Sheets | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues. | |||||
| CVE-2019-5594 | 1 Fortinet | 1 Fortinac | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | |||||
| CVE-2019-0338 | 1 Sap | 1 Gateway | 2019-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure. | |||||
| CVE-2019-0337 | 1 Sap | 1 Netweaver Process Integration | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the URL, thereby resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0335 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack. | |||||
| CVE-2018-20975 | 1 Fatfreecrm | 1 Fat Free Crm | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb. | |||||
