Search Results (44274 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18882 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 6.1 Medium |
| WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | ||||
| CVE-2019-18881 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 6.1 Medium |
| WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | ||||
| CVE-2019-18873 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 9.0 Critical |
| FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php. | ||||
| CVE-2019-18859 | 1 Digi | 2 Anywhereusb/14, Anywhereusb/14 Firmware | 2024-11-21 | 6.1 Medium |
| Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | ||||
| CVE-2019-18857 | 1 Svg-sanitizer Project | 1 Svg-sanitizer | 2024-11-21 | 7.5 High |
| darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. | ||||
| CVE-2019-18842 | 1 Usriot | 8 Usr-wifi232-g2, Usr-wifi232-g2 Firmware, Usr-wifi232-h and 5 more | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID. | ||||
| CVE-2019-18839 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 9.0 Critical |
| FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | ||||
| CVE-2019-18834 | 1 Woocommerce | 1 Subscriptions | 2024-11-21 | 6.1 Medium |
| Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php. | ||||
| CVE-2019-18831 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2024-11-21 | 5.3 Medium |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information Exposure. The encrypted ClickShare Button firmware contains the private key of a test device-certificate. | ||||
| CVE-2019-18816 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 6.1 Medium |
| po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. | ||||
| CVE-2019-18793 | 1 Parallels | 1 Parallels Plesk Panel | 2024-11-21 | 6.1 Medium |
| Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | ||||
| CVE-2019-18791 | 1 Lexmark | 160 6500e, 6500e Firmware, C734 and 157 more | 2024-11-21 | 5.4 Medium |
| Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser. | ||||
| CVE-2019-18677 | 4 Canonical, Fedoraproject, Redhat and 1 more | 4 Ubuntu Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. | ||||
| CVE-2019-18667 | 1 Pfsense | 1 Pfsense-pkg-freeradius3 | 2024-11-21 | 6.1 Medium |
| /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser. | ||||
| CVE-2019-18664 | 1 Secudos | 1 Domos | 2024-11-21 | 5.4 Medium |
| The Log module in SECUDOS DOMOS before 5.6 allows XSS. | ||||
| CVE-2019-18656 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.1 Medium |
| Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. | ||||
| CVE-2019-18654 | 2 Avg, Microsoft | 2 Anti-virus, Windows | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | ||||
| CVE-2019-18653 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | ||||
| CVE-2019-18652 | 1 Watchguard | 2 Xmt515, Xmt515 Firmware | 2024-11-21 | 6.1 Medium |
| A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362). | ||||
| CVE-2019-18649 | 1 Untangle | 1 Ng Firewall | 2024-11-21 | 4.8 Medium |
| When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | ||||