Search Results (44256 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13607 | 1 Opera | 1 Mini | 2024-11-21 | N/A |
| The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL. | ||||
| CVE-2019-13588 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter. | ||||
| CVE-2019-13564 | 1 Pingidentity | 1 Agentless Integration Kit | 2024-11-21 | 6.1 Medium |
| XSS exists in Ping Identity Agentless Integration Kit before 1.5. | ||||
| CVE-2019-13562 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2024-11-21 | N/A |
| D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. | ||||
| CVE-2019-13559 | 1 Ge | 1 Mark Vie Controll System | 2024-11-21 | 7.8 High |
| GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment. | ||||
| CVE-2019-13553 | 2 Carel, Rittal | 2 Pcoweb Firmware, Chiller Sk 3232 | 2024-11-21 | 9.8 Critical |
| Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point. | ||||
| CVE-2019-13538 | 1 Codesys | 1 Codesys | 2024-11-21 | 8.6 High |
| 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. | ||||
| CVE-2019-13530 | 1 Philips | 19 865240, 865241, 865242 and 16 more | 2024-11-21 | 7.2 High |
| Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware. | ||||
| CVE-2019-13506 | 1 Nuxtjs | 2 @nuxt/devalue, Nuxt.js | 2024-11-21 | N/A |
| @nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. | ||||
| CVE-2019-13505 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | 6.1 Medium |
| The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. | ||||
| CVE-2019-13495 | 1 Zyxel | 2 Xgs2210-52hp, Xgs2210-52hp Firmware | 2024-11-21 | 5.4 Medium |
| In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allow remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field. | ||||
| CVE-2019-13493 | 1 Sitecore | 1 Experience Platform | 2024-11-21 | N/A |
| In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript. | ||||
| CVE-2019-13488 | 1 Trape Project | 1 Trape | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used. | ||||
| CVE-2019-13478 | 1 Yoast | 1 Yoast Seo | 2024-11-21 | 9.8 Critical |
| The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. | ||||
| CVE-2019-13476 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. | ||||
| CVE-2019-13474 | 1 Telestar | 22 Bobs Rock Radio, Bobs Rock Radio Firmware, Dabman D10 and 19 more | 2024-11-21 | 9.8 Critical |
| TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands. | ||||
| CVE-2019-13473 | 2 Auna, Telestar | 24 Connect 100, Connect 100 Firmware, Bobs Rock Radio and 21 more | 2024-11-21 | 9.8 Critical |
| TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access. | ||||
| CVE-2019-13472 | 1 Phpwind | 1 Phpwind | 2024-11-21 | N/A |
| PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file. | ||||
| CVE-2019-13466 | 2 Sandisk, Westerndigital | 2 Ssd Dashboard, Ssd Dashboard | 2024-11-21 | 7.5 High |
| Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available. | ||||
| CVE-2019-13463 | 1 Quantumcloud | 1 Simple Link Directory | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement. | ||||