Export limit exceeded: 338153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44253 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12963 | 1 Livezilla | 1 Livezilla | 2024-11-21 | N/A |
| LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. | ||||
| CVE-2019-12962 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 6.1 Medium |
| LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. | ||||
| CVE-2019-12954 | 1 Solarwinds | 2 Network Performance Monitor Orion Platform 2018 Netpath, Network Performance Monitor Orion Platform 2018 Npm | 2024-11-21 | 5.4 Medium |
| SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. | ||||
| CVE-2019-12950 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A |
| An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload. | ||||
| CVE-2019-12949 | 1 Netgate | 1 Pfsense | 2024-11-21 | N/A |
| In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. Then, the remote attacker can run any command with root privileges on that server. | ||||
| CVE-2019-12935 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A |
| Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI. | ||||
| CVE-2019-12934 | 1 Wp-code-highlightjs Project | 1 Wp-code-highlightjs | 2024-11-21 | N/A |
| An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter. | ||||
| CVE-2019-12932 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A |
| A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. | ||||
| CVE-2019-12930 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter. | ||||
| CVE-2019-12927 | 1 Mailenable | 1 Mailenable | 2024-11-21 | N/A |
| MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability. | ||||
| CVE-2019-12920 | 1 Cylan | 4 Clever Dog Smart Camera Panorama Dog-2w, Clever Dog Smart Camera Panorama Dog-2w Firmware, Clever Dog Smart Camera Plus Dog-2w-v4 and 1 more | 2024-11-21 | N/A |
| On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt. | ||||
| CVE-2019-12917 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 6.1 Medium |
| A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. | ||||
| CVE-2019-12905 | 1 Afian | 1 Filerun | 2024-11-21 | 6.1 Medium |
| FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed in FileRun 2019.06.01. | ||||
| CVE-2019-12863 | 1 Solarwinds | 3 Netpath, Network Performance Monitor, Orion Platform | 2024-11-21 | 4.8 Medium |
| SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | ||||
| CVE-2019-12842 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. | ||||
| CVE-2019-12834 | 1 Ht2labs | 1 Learning Locker | 2024-11-21 | N/A |
| In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI. | ||||
| CVE-2019-12830 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue. | ||||
| CVE-2019-12823 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 6.1 Medium |
| Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS. | ||||
| CVE-2019-12801 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A |
| out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name. | ||||
| CVE-2019-12797 | 1 Elmelectronics | 2 Elm27, Elm27 Firmware | 2024-11-21 | 9.8 Critical |
| A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle. | ||||