Export limit exceeded: 361804 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361804 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16973 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16972 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16971 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | ||||
| CVE-2019-16970 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16969 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS. | ||||
| CVE-2019-16968 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. | ||||
| CVE-2019-16967 | 2 Freepbx, Sangoma | 2 Manager, Freepbx | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager. | ||||
| CVE-2019-16966 | 2 Freepbx, Sangoma | 2 Contactmanager, Freepbx | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager. | ||||
| CVE-2019-16965 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 7.2 High |
| resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. | ||||
| CVE-2019-16964 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
| app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data. | ||||
| CVE-2019-16962 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 5.4 Medium |
| Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report. | ||||
| CVE-2019-16961 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. | ||||
| CVE-2019-16960 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name field. | ||||
| CVE-2019-16959 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 6.5 Medium |
| SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. | ||||
| CVE-2019-16958 | 1 Solarwinds | 1 Help Desk | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. | ||||
| CVE-2019-16957 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account. | ||||
| CVE-2019-16956 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket. | ||||
| CVE-2019-16955 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request. | ||||
| CVE-2019-16954 | 1 Solarwinds | 1 Web Help Desk | 2024-11-21 | 5.4 Medium |
| SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket. | ||||
| CVE-2019-16951 | 1 Enghouse | 1 Web Chat | 2024-11-21 | 5.3 Medium |
| A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amount of information sent in the request from this product to the attacker: it reveals information the public should not have. This includes pathnames and internal ip addresses. | ||||