Export limit exceeded: 44267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44267 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16878 | 1 Portainer | 1 Portainer | 2024-11-21 | 5.4 Medium |
| Portainer before 1.22.1 has XSS (issue 2 of 2). | ||||
| CVE-2019-16873 | 1 Portainer | 1 Portainer | 2024-11-21 | 5.4 Medium |
| Portainer before 1.22.1 has XSS (issue 1 of 2). | ||||
| CVE-2019-16862 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.1 Medium |
| Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter. | ||||
| CVE-2019-16781 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.8 Medium |
| In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS. | ||||
| CVE-2019-16780 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.8 Medium |
| WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled. | ||||
| CVE-2019-16772 | 1 Serialize-to-js Project | 1 Serialize-to-js | 2024-11-21 | 3.1 Low |
| The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability. | ||||
| CVE-2019-16769 | 2 Redhat, Verizon | 3 Openshift, Service Mesh, Serialize-javascript | 2024-11-21 | 4.2 Medium |
| The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability. | ||||
| CVE-2019-16763 | 1 Pannellum | 1 Pannellum | 2024-11-21 | 4.8 Medium |
| In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if pannellum.htm was hosted on a domain that shared cookies with the targeted site's user authentication; an <iframe> could then be embedded on the attacker's site using pannellum.htm from the targeted site, which would allow the attacker to potentially access information from the targeted site as the authenticated user (or worse if the targeted site did not have adequate CSRF protections) if the user clicked on a hot spot in the attacker's embedded panorama viewer. This was patched in version 2.5.5. | ||||
| CVE-2019-16751 | 1 Devise Token Auth Project | 1 Devise Token Auth | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects the fallback_render method in the omniauth callbacks controller. | ||||
| CVE-2019-16734 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2024-11-21 | 9.8 Critical |
| Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | ||||
| CVE-2019-16728 | 2 Cure53, Debian | 2 Dompurify, Debian Linux | 2024-11-21 | 6.1 Medium |
| DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. | ||||
| CVE-2019-16725 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.1 Medium |
| In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates. | ||||
| CVE-2019-16719 | 1 Wtcms Project | 1 Wtcms | 2024-11-21 | 6.5 Medium |
| WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. | ||||
| CVE-2019-16717 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.2 has XSS. | ||||
| CVE-2019-16704 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.8 Medium |
| admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. | ||||
| CVE-2019-16703 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 6.1 Medium |
| admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | ||||
| CVE-2019-16688 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.) | ||||
| CVE-2019-16687 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. | ||||
| CVE-2019-16686 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin. | ||||
| CVE-2019-16685 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. | ||||