Search Results (44270 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17606 | 1 Hexo-admin Project | 1 Hexo-admin | 2024-11-21 | 6.1 Medium |
| The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post. | ||||
| CVE-2019-17599 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 6.1 Medium |
| The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | ||||
| CVE-2019-17581 | 1 Dormsystem Project | 1 Dormsystem | 2024-11-21 | 6.1 Medium |
| tonyy dormsystem through 1.3 allows DOM XSS. | ||||
| CVE-2019-17579 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | 6.1 Medium |
| SonarSource SonarQube before 7.8 has XSS in project links on account/projects. | ||||
| CVE-2019-17578 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field. | ||||
| CVE-2019-17577 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field. | ||||
| CVE-2019-17576 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field. | ||||
| CVE-2019-17573 | 3 Apache, Oracle, Redhat | 14 Cxf, Commerce Guided Search, Communications Element Manager and 11 more | 2024-11-21 | 6.1 Medium |
| By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploits a feature which is typically not present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable. | ||||
| CVE-2019-17557 | 1 Apache | 1 Syncope | 2024-11-21 | 5.4 Medium |
| It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the EndUser UI could execute JavaScript code from the URL query string. | ||||
| CVE-2019-17551 | 1 Apakgroup | 1 Wholesale Floorplanning Finance | 2024-11-21 | 6.1 Medium |
| In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG editor in the Notes section are likely affected. | ||||
| CVE-2019-17550 | 1 Adenion | 1 Blog2social | 2024-11-21 | 6.1 Medium |
| The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | ||||
| CVE-2019-17535 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.1 Medium |
| Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. | ||||
| CVE-2019-17524 | 1 Technicolor | 2 Tc7300.b0, Tc7300.b0 Firmware | 2024-11-21 | 5.4 Medium |
| An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this. | ||||
| CVE-2019-17523 | 1 Technicolor | 2 Tc7300.b0, Tc7300.b0 Firmware | 2024-11-21 | 5.4 Medium |
| An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. | ||||
| CVE-2019-17522 | 1 Hotarucms | 1 Hotarucms | 2024-11-21 | 4.8 Medium |
| A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1. | ||||
| CVE-2019-17515 | 1 Cleantalk | 1 Spam Protection, Antispam, Firewall | 2024-11-21 | 6.1 Medium |
| The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | ||||
| CVE-2019-17504 | 1 Kirona | 1 Dynamic Resource Scheduling | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter. | ||||
| CVE-2019-17496 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 6.1 Medium |
| Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion. | ||||
| CVE-2019-17494 | 1 Laravel-bjyblog Project | 1 Laravel-bjyblog | 2024-11-21 | 6.1 Medium |
| laravel-bjyblog 6.1.1 has XSS via a crafted URL. | ||||
| CVE-2019-17493 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 6.1 Medium |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. | ||||