Total
43666 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12932 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A |
| A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. | ||||
| CVE-2019-12930 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter. | ||||
| CVE-2019-12927 | 1 Mailenable | 1 Mailenable | 2024-11-21 | N/A |
| MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability. | ||||
| CVE-2019-12917 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 6.1 Medium |
| A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. | ||||
| CVE-2019-12905 | 1 Afian | 1 Filerun | 2024-11-21 | 6.1 Medium |
| FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed in FileRun 2019.06.01. | ||||
| CVE-2019-12863 | 1 Solarwinds | 3 Netpath, Network Performance Monitor, Orion Platform | 2024-11-21 | 4.8 Medium |
| SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | ||||
| CVE-2019-12842 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12834 | 1 Ht2labs | 1 Learning Locker | 2024-11-21 | N/A |
| In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI. | ||||
| CVE-2019-12830 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue. | ||||
| CVE-2019-12823 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 6.1 Medium |
| Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS. | ||||
| CVE-2019-12801 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A |
| out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name. | ||||
| CVE-2019-12774 | 1 Enttec | 8 Datagate Mk2, Datagate Mk2 Firmware, E-streamer Mk2 and 5 more | 2024-11-21 | N/A |
| A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description field in JSON data to the Profile Editor. | ||||
| CVE-2019-12773 | 1 Verint | 1 Impact 360 | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link. | ||||
| CVE-2019-12766 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors. | ||||
| CVE-2019-12754 | 1 Symantec | 1 Vip | 2024-11-21 | N/A |
| Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | ||||
| CVE-2019-12748 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.1 Medium |
| TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. | ||||
| CVE-2019-12745 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A |
| out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field. | ||||
| CVE-2019-12741 | 1 Fhir | 1 Hapi Fhir | 2024-11-21 | N/A |
| XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.) | ||||
| CVE-2019-12732 | 1 Chartkick Project | 1 Chartkick | 2024-11-21 | N/A |
| The Chartkick gem through 3.1.0 for Ruby allows XSS. | ||||
| CVE-2019-12724 | 1 Teclib-edition | 1 News | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter. | ||||