Export limit exceeded: 10227 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19110 | 1 Gvectors | 1 Wpforo | 2024-11-21 | 4.8 Medium |
| The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. | ||||
| CVE-2019-19108 | 1 Br-automation | 2 Automation Runtime, Automation Studio | 2024-11-21 | 9.4 Critical |
| An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP. | ||||
| CVE-2019-19095 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 5.4 Medium |
| Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. | ||||
| CVE-2019-19085 | 1 Octopus | 1 Server | 2024-11-21 | 5.4 Medium |
| A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote authenticated attackers to inject arbitrary web script or HTML. | ||||
| CVE-2019-19040 | 1 Kairosdb Project | 1 Kairosdb | 2024-11-21 | 6.1 Medium |
| KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring. | ||||
| CVE-2019-19033 | 1 Jalios | 1 Jcms | 2024-11-21 | 9.8 Critical |
| Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password. | ||||
| CVE-2019-19021 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 9.8 Critical |
| An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account. | ||||
| CVE-2019-19017 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 8.1 High |
| An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system. | ||||
| CVE-2019-19003 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 5.3 Medium |
| For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting. | ||||
| CVE-2019-19002 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.3 Medium |
| For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting. | ||||
| CVE-2019-18993 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.4 Medium |
| OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). | ||||
| CVE-2019-18992 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.4 Medium |
| OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device). | ||||
| CVE-2019-18982 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.1 Medium |
| bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. | ||||
| CVE-2019-18957 | 1 Microstrategy | 1 Microstrategy Library | 2024-11-21 | 6.1 Medium |
| Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. | ||||
| CVE-2019-18955 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | 6.1 Medium |
| The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019. | ||||
| CVE-2019-18944 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 4.9 Medium |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | ||||
| CVE-2019-18942 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.5 Medium |
| Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding. | ||||
| CVE-2019-18926 | 1 Systematicinc | 1 Iris Standards Management | 2024-11-21 | 6.1 Medium |
| Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application. | ||||
| CVE-2019-18923 | 1 Go-camo Project | 1 Go-camo | 2024-11-21 | 6.1 Medium |
| Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin. | ||||
| CVE-2019-18914 | 1 Hp | 755 Digital Sender Flow 8500 Fn2 Document Capture Workstation L2762a, Futuresmart 3, Futuresmart 4 and 752 more | 2024-11-21 | 6.1 Medium |
| A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link. | ||||