Search Results (44270 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18574 | 2 Emc, Rsa | 2 Rsa Authentication Manager, Authentication Manager | 2024-11-21 | 4.8 Medium |
| RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser. | ||||
| CVE-2019-18571 | 1 Dell | 1 Rsa Identity Governance And Lifecycle | 2024-11-21 | 5.4 Medium |
| The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending a crafted URL containing scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application. | ||||
| CVE-2019-18454 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.1 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in the link validation for the RDoc wiki pages feature. It has XSS. | ||||
| CVE-2019-18419 | 1 Clonos | 1 Clonos | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | ||||
| CVE-2019-18416 | 1 Restaurant Management System Project | 1 Restaurant Management System | 2024-11-21 | 6.1 Medium |
| Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member. | ||||
| CVE-2019-18415 | 1 Restaurant Management System Project | 1 Restaurant Management System | 2024-11-21 | 6.1 Medium |
| Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen. | ||||
| CVE-2019-18413 | 1 Typestack Class-validator Project | 1 Typestack Class-validator | 2024-11-21 | 3.7 Low |
| In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product. | ||||
| CVE-2019-18378 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 4.8 Medium |
| Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | ||||
| CVE-2019-18357 | 1 Thycotic | 1 Secret Server | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). | ||||
| CVE-2019-18356 | 1 Thycotic | 1 Secret Server | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | ||||
| CVE-2019-18350 | 1 Ant.design | 1 Ant Design Pro | 2024-11-21 | 6.1 Medium |
| In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script. | ||||
| CVE-2019-18347 | 1 Davical | 1 Davical | 2024-11-21 | 5.4 Medium |
| A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another (possibly privileged) user. Affected database fields include Username, Display Name, and Email. | ||||
| CVE-2019-18345 | 2 Davical, Debian | 2 Davical, Debian Linux | 2024-11-21 | 9.3 Critical |
| A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application. | ||||
| CVE-2019-18273 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 4.8 Medium |
| OSIsoft PI Vision 2017 R2 and PI Vision 2017 R2 SP1 are vulnerable to cross-site scripting, which may allow invalid input to be introduced. | ||||
| CVE-2019-18267 | 1 Ge | 4 S2020, S2020 Firmware, S2020g and 1 more | 2024-11-21 | 5.4 Medium |
| An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary JavaScript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution. | ||||
| CVE-2019-18249 | 1 Reliablecontrols | 4 Mach-prowebcom, Mach-prowebcom Firmware, Mach-prowebsys and 1 more | 2024-11-21 | 6.1 Medium |
| Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firmware versions prior to 8.26.4), may allow an attacker to execute commands on behalf of the user when an authenticated user clicks on a malicious link. | ||||
| CVE-2019-18233 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-11-21 | 6.1 Medium |
| In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. | ||||
| CVE-2019-18223 | 1 Eleveo | 1 Call Recording | 2024-11-21 | 5.4 Medium |
| ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the (1) User Edit or (2) User Add form, (3) name field in the Role Add form, (4) name or number field in the Edit Group form, (5) tagKey or tagValue field in the Recording Rules Configuration, or (6) txt_69735:/VemailAddress/value or txt_75767:/VemailFrom/value field in callrec/config. | ||||
| CVE-2019-18221 | 1 Corehr | 1 Core Portal | 2024-11-21 | 6.1 Medium |
| CoreHR Core Portal before 27.0.7 allows stored XSS. | ||||
| CVE-2019-18219 | 1 Sitemagic | 1 Sitemagic | 2024-11-21 | 6.1 Medium |
| Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection via either GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter. | ||||