Export limit exceeded: 44265 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44265 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15112 | 1 Wp-slimstat | 1 Slimstat Analytics | 2024-11-21 | 6.1 Medium |
| The wp-slimstat plugin before 4.8.1 for WordPress has XSS. | ||||
| CVE-2019-15110 | 1 Wp Front End Profile Project | 1 Wp Front End Profile | 2024-11-21 | N/A |
| The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS. | ||||
| CVE-2019-15109 | 1 Stellarwp | 1 The Events Calendar | 2024-11-21 | N/A |
| The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. | ||||
| CVE-2019-15108 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 4.8 Medium |
| An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. | ||||
| CVE-2019-15095 | 1 Diaowen | 1 Dwsurvey | 2024-11-21 | N/A |
| DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. | ||||
| CVE-2019-15086 | 1 Prise | 1 Adas | 2024-11-21 | 6.1 Medium |
| An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. | ||||
| CVE-2019-15083 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 6.1 Medium |
| Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page. | ||||
| CVE-2019-15082 | 1 Yofla | 1 360 Product Rotation | 2024-11-21 | N/A |
| The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS. | ||||
| CVE-2019-15081 | 1 Opencart | 1 Opencart | 2024-11-21 | 4.8 Medium |
| OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. | ||||
| CVE-2019-15075 | 1 Inextrix | 1 Astpp | 2024-11-21 | 7.5 High |
| An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. | ||||
| CVE-2019-15074 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | N/A |
| The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed. | ||||
| CVE-2019-15072 | 1 Openfind | 1 Mail2000 | 2024-11-21 | 6.1 Medium |
| The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities. | ||||
| CVE-2019-15071 | 1 Openfind | 1 Mail2000 | 2024-11-21 | 6.1 Medium |
| The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities. | ||||
| CVE-2019-15054 | 1 Getmailbird | 1 Mailbird | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before 2.7.5.0 r allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is distinct from CVE-2015-4657. | ||||
| CVE-2019-15053 | 1 Atlassian | 1 Html Include And Replace Macro | 2024-11-21 | N/A |
| The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element. | ||||
| CVE-2019-15037 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium |
| An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1. | ||||
| CVE-2019-15017 | 1 Zingbox | 1 Inspector | 2024-11-21 | 8.4 High |
| The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. | ||||
| CVE-2019-15015 | 1 Zingbox | 1 Inspector | 2024-11-21 | 8.4 High |
| In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. | ||||
| CVE-2019-15008 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 6.1 Medium |
| The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. | ||||
| CVE-2019-15007 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 4.8 Medium |
| The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. | ||||