Search Results (45507 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13488 | 1 Trape Project | 1 Trape | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used. | ||||
| CVE-2019-13478 | 1 Yoast | 1 Yoast Seo | 2024-11-21 | 9.8 Critical |
| The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. | ||||
| CVE-2019-13476 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. | ||||
| CVE-2019-13474 | 1 Telestar | 22 Bobs Rock Radio, Bobs Rock Radio Firmware, Dabman D10 and 19 more | 2024-11-21 | 9.8 Critical |
| TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands. | ||||
| CVE-2019-13473 | 2 Auna, Telestar | 24 Connect 100, Connect 100 Firmware, Bobs Rock Radio and 21 more | 2024-11-21 | 9.8 Critical |
| TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access. | ||||
| CVE-2019-13472 | 1 Phpwind | 1 Phpwind | 2024-11-21 | N/A |
| PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file. | ||||
| CVE-2019-13466 | 2 Sandisk, Westerndigital | 2 Ssd Dashboard, Ssd Dashboard | 2024-11-21 | 7.5 High |
| Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available. | ||||
| CVE-2019-13463 | 1 Quantumcloud | 1 Simple Link Directory | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement. | ||||
| CVE-2019-13448 | 1 Sertek | 1 Xpare | 2024-11-21 | N/A |
| An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients. | ||||
| CVE-2019-13422 | 1 Search-guard | 1 Search Guard | 2024-11-21 | N/A |
| Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. | ||||
| CVE-2019-13414 | 1 Boiteasite | 1 Rencontre | 2024-11-21 | 6.1 Medium |
| The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. | ||||
| CVE-2019-13407 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-11-21 | N/A |
| An XSS was found in Advan VD-1 firmware versions up to 230. VD-1 responds with a path error message when a requested resource is not found in page cgibin/ssi.cgi. This leads to a reflected XSS because the error message is not escaped properly. | ||||
| CVE-2019-13399 | 1 Fortinet | 2 Fcm-mb40, Fcm-mb40 Firmware | 2024-11-21 | N/A |
| Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. | ||||
| CVE-2019-13397 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | N/A |
| Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket. | ||||
| CVE-2019-13392 | 1 Mindpalette | 1 Natemail | 2024-11-21 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid. | ||||
| CVE-2019-13389 | 1 Rainloop | 1 Webmail | 2024-11-21 | 6.1 Medium |
| RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. | ||||
| CVE-2019-13387 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.1 Medium |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website. | ||||
| CVE-2019-13380 | 1 Keynto | 1 Team Password Manager | 2024-11-21 | N/A |
| KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault. | ||||
| CVE-2019-13376 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 6.5 Medium |
| phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS. | ||||
| CVE-2019-13374 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter. | ||||