Total
43716 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17204 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.4 Medium |
| TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | ||||
| CVE-2019-17203 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.4 Medium |
| TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | ||||
| CVE-2019-17189 | 1 Totemo | 1 Totemodata | 2024-11-21 | 5.4 Medium |
| totemodata 3.0.0_b936 has XSS via a folder name. | ||||
| CVE-2019-17179 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.1 Medium |
| 4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1 | ||||
| CVE-2019-17176 | 1 Genesys | 1 Eservices Chat | 2024-11-21 | 6.1 Medium |
| Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). | ||||
| CVE-2019-17127 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 6.1 Medium |
| A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation. | ||||
| CVE-2019-17125 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 6.1 Medium |
| A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. | ||||
| CVE-2019-17121 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 5.4 Medium |
| REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. | ||||
| CVE-2019-17120 | 1 Wikidsystems | 1 2fa Enterprise Server | 2024-11-21 | 6.1 Medium |
| A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited. | ||||
| CVE-2019-17116 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 6.1 Medium |
| A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited. | ||||
| CVE-2019-17115 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displayed, unsanitized, on Logs.jsp. A remote attack can populate the rendered_message column with malicious values via: (1) H parameter to /wikid/servlet/com.wikidsystems.server.GetDomainHash (2) S parameter to: - /wikid/DomainData - /wikid/PreRegisterLookup - /wikid/PreRegister - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES (3) a parameter to: - /wikid/PreRegisterLookup - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES. | ||||
| CVE-2019-17114 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 6.1 Medium |
| A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used. | ||||
| CVE-2019-17108 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.1 Medium |
| Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | ||||
| CVE-2019-17092 | 1 Openproject | 1 Openproject | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled. | ||||
| CVE-2019-17091 | 2 Eclipse, Oracle | 23 Mojarra, Application Testing Suite, Banking Enterprise Product Manufacturing and 20 more | 2024-11-21 | 6.1 Medium |
| faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. | ||||
| CVE-2019-17074 | 1 Xunruicms | 1 Xunruicms | 2024-11-21 | 5.4 Medium |
| An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area. | ||||
| CVE-2019-17071 | 1 Realbigplugins | 1 Client Dash | 2024-11-21 | 6.1 Medium |
| The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS. | ||||
| CVE-2019-17070 | 2 Lqd, Microsoft | 2 Liquid Speech Balloon, Internet Explorer | 2024-11-21 | 6.1 Medium |
| The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer. | ||||
| CVE-2019-17057 | 1 Footy | 1 Tipping Software | 2024-11-21 | 6.1 Medium |
| Footy Tipping Software AFL Web Edition 2019 allows XSS. | ||||
| CVE-2019-17045 | 1 Ilch | 1 Ilch Cms | 2024-11-21 | 4.8 Medium |
| Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab. | ||||