Export limit exceeded: 346647 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45589 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45589 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6341 | 3 Debian, Drupal, Fedoraproject | 3 Debian Linux, Drupal, Fedora | 2024-11-21 | N/A |
| In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2019-6332 | 1 Hp | 104 Deskjet 2600 4uj28b, Deskjet 2600 4uj28b Firmware, Deskjet 2600 V1n01a and 101 more | 2024-11-21 | 4.8 Medium |
| A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A. | ||||
| CVE-2019-6324 | 1 Hp | 20 T6b80a, T6b80a Firmware, T6b81a and 17 more | 2024-11-21 | N/A |
| HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page | ||||
| CVE-2019-6323 | 1 Hp | 20 T6b80a, T6b80a Firmware, T6b81a and 17 more | 2024-11-21 | N/A |
| HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page. | ||||
| CVE-2019-6278 | 1 Jpress | 1 Jpress | 2024-11-21 | N/A |
| XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option. | ||||
| CVE-2019-6267 | 1 Premiumwpsuite | 1 Easy Redirect Manager | 2024-11-21 | N/A |
| The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI. | ||||
| CVE-2019-6264 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability. | ||||
| CVE-2019-6263 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. | ||||
| CVE-2019-6262 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS. | ||||
| CVE-2019-6261 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability. | ||||
| CVE-2019-6248 | 1 Citysearch \/ Hotfrog \/ Gelbeseiten Clone Script Project | 1 Citysearch \/ Hotfrog \/ Gelbeseiten Clone Script | 2024-11-21 | N/A |
| PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the srch parameter, as demonstrated by restaurants-details.php. | ||||
| CVE-2019-6243 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). | ||||
| CVE-2019-6229 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | N/A |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2019-6228 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | N/A |
| A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack. | ||||
| CVE-2019-6204 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | 6.1 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting. | ||||
| CVE-2019-6181 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | ||||
| CVE-2019-6180 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | ||||
| CVE-2019-6159 | 1 Lenovo | 30 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs22v and 27 more | 2024-11-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected. | ||||
| CVE-2019-6146 | 1 Forcepoint | 1 Web Security | 2024-11-21 | 6.1 Medium |
| It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) | ||||
| CVE-2019-6142 | 1 Forcepoint | 2 Email Security, Security Manager | 2024-11-21 | 6.1 Medium |
| It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. | ||||