Total
43780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7336 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value. | ||||
| CVE-2019-7335 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value. | ||||
| CVE-2019-7334 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted. | ||||
| CVE-2019-7333 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted. | ||||
| CVE-2019-7332 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. | ||||
| CVE-2019-7331 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" (monitor.php). There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack. | ||||
| CVE-2019-7330 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'show' parameter value in the view frame (frame.php) because proper filtration is omitted. | ||||
| CVE-2019-7329 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS. | ||||
| CVE-2019-7328 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) via /js/frame.js.php because proper filtration is omitted. | ||||
| CVE-2019-7327 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted. | ||||
| CVE-2019-7326 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field. | ||||
| CVE-2019-7325 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration. | ||||
| CVE-2019-7324 | 1 Kanboard | 1 Kanboard | 2024-11-21 | N/A |
| app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting. | ||||
| CVE-2019-7299 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
| A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php. | ||||
| CVE-2019-7296 | 1 Typora | 1 Typora | 2024-11-21 | N/A |
| typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. | ||||
| CVE-2019-7295 | 1 Typora | 1 Typora | 2024-11-21 | N/A |
| typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. | ||||
| CVE-2019-7255 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 6.1 Medium |
| Linear eMerge E3-Series devices allow XSS. | ||||
| CVE-2019-7250 | 1 Cross Reference Project | 1 Cross Reference | 2024-11-21 | N/A |
| An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin. | ||||
| CVE-2019-7223 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | N/A |
| InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255. | ||||
| CVE-2019-7220 | 1 Qualiteam | 1 X-cart | 2024-11-21 | N/A |
| X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter. | ||||