Export limit exceeded: 346387 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45568 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45568 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19222 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 5.4 Medium |
| A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request. | ||||
| CVE-2019-19212 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 9.8 Critical |
| Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). | ||||
| CVE-2019-19211 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 6.1 Medium |
| Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. | ||||
| CVE-2019-19210 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 5.4 Medium |
| Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. | ||||
| CVE-2019-19206 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture. | ||||
| CVE-2019-19198 | 1 Scoutnet | 1 Kalender | 2024-11-21 | 5.4 Medium |
| The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. | ||||
| CVE-2019-19134 | 1 Heroplugins | 1 Hero Maps Premium | 2024-11-21 | 6.1 Medium |
| The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based tokens or to launch other attacks. | ||||
| CVE-2019-19133 | 1 Csshero | 1 Csshero | 2024-11-21 | 6.1 Medium |
| The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a csshero_action=edit_page request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookies or launch other attacks. | ||||
| CVE-2019-19129 | 1 Afterlogic | 2 Aurora, Webmail Pro | 2024-11-21 | 6.1 Medium |
| Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name. | ||||
| CVE-2019-19112 | 1 Gvectors | 1 Wpforo | 2024-11-21 | 6.1 Medium |
| The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. | ||||
| CVE-2019-19111 | 1 Gvectors | 1 Wpforo | 2024-11-21 | 6.1 Medium |
| The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. | ||||
| CVE-2019-19110 | 1 Gvectors | 1 Wpforo | 2024-11-21 | 4.8 Medium |
| The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. | ||||
| CVE-2019-19108 | 1 Br-automation | 2 Automation Runtime, Automation Studio | 2024-11-21 | 9.4 Critical |
| An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP. | ||||
| CVE-2019-19095 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 5.4 Medium |
| Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. | ||||
| CVE-2019-19085 | 1 Octopus | 1 Server | 2024-11-21 | 5.4 Medium |
| A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML. | ||||
| CVE-2019-19040 | 1 Kairosdb Project | 1 Kairosdb | 2024-11-21 | 6.1 Medium |
| KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring. | ||||
| CVE-2019-19033 | 1 Jalios | 1 Jcms | 2024-11-21 | 9.8 Critical |
| Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password. | ||||
| CVE-2019-19021 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 9.8 Critical |
| An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account. | ||||
| CVE-2019-19017 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 8.1 High |
| An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system. | ||||
| CVE-2019-19003 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 5.3 Medium |
| For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. | ||||