Export limit exceeded: 13834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44410 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44410 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9910 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | N/A |
| The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS. | ||||
| CVE-2019-9909 | 1 Givewp | 1 Givewp | 2024-11-21 | N/A |
| The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. | ||||
| CVE-2019-9908 | 1 Hivewebstudios | 1 Font Organizer | 2024-11-21 | N/A |
| The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS. | ||||
| CVE-2019-9844 | 2 Fedoraproject, Khanacademy | 2 Fedora, Simple-markdown | 2024-11-21 | N/A |
| simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI. | ||||
| CVE-2019-9841 | 1 Vestacp | 1 Control Panel | 2024-11-21 | N/A |
| Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. | ||||
| CVE-2019-9839 | 1 Vfront | 1 Vfront | 2024-11-21 | N/A |
| VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter. | ||||
| CVE-2019-9838 | 1 Vfront | 1 Vfront | 2024-11-21 | N/A |
| VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering. | ||||
| CVE-2019-9834 | 1 Netdata | 1 Netdata | 2024-11-21 | N/A |
| The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot | ||||
| CVE-2019-9765 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | N/A |
| In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html. | ||||
| CVE-2019-9763 | 1 Openfind | 1 Mail2000 | 2024-11-21 | N/A |
| An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this). | ||||
| CVE-2019-9758 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 5.4 Medium |
| An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation. | ||||
| CVE-2019-9752 | 2 Opensuse, Otrs | 3 Backports Sle, Leap, Otrs | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. | ||||
| CVE-2019-9751 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A |
| An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm. | ||||
| CVE-2019-9738 | 1 Golangtc | 1 Gopher | 2024-11-21 | N/A |
| jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | ||||
| CVE-2019-9737 | 1 Ipandao | 1 Editor.md | 2024-11-21 | 6.1 Medium |
| Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | ||||
| CVE-2019-9736 | 1 1024tools | 1 1024tools | 2024-11-21 | N/A |
| DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | ||||
| CVE-2019-9725 | 1 Korenix | 5 Jetport 5601, Jetport 5601 Firmware, Jetport 5601f and 2 more | 2024-11-21 | N/A |
| The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting. | ||||
| CVE-2019-9714 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. | ||||
| CVE-2019-9712 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. | ||||
| CVE-2019-9711 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. | ||||