Export limit exceeded: 44265 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44265 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14996 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 6.1 Medium |
| The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | ||||
| CVE-2019-14987 | 1 Schben | 1 Framework | 2024-11-21 | N/A |
| Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. | ||||
| CVE-2019-14976 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A |
| iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. | ||||
| CVE-2019-14974 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | N/A |
| SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. | ||||
| CVE-2019-14967 | 1 Frappe | 1 Frappe | 2024-11-21 | N/A |
| An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability. | ||||
| CVE-2019-14961 | 1 Jetbrains | 1 Upsource | 2024-11-21 | 6.1 Medium |
| JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS. | ||||
| CVE-2019-14953 | 2 Jetbrains, Mozilla | 2 Youtrack, Firefox | 2024-11-21 | 6.1 Medium |
| JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. | ||||
| CVE-2019-14952 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 6.1 Medium |
| JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. | ||||
| CVE-2019-14950 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. | ||||
| CVE-2019-14949 | 1 Wpseeds | 1 Wp Database Backup | 2024-11-21 | 6.1 Medium |
| The wp-database-backup plugin before 5.1.2 for WordPress has XSS. | ||||
| CVE-2019-14948 | 1 Najeebmedia | 1 Ppom For Woocommerce | 2024-11-21 | 5.4 Medium |
| The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. | ||||
| CVE-2019-14947 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A |
| The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. | ||||
| CVE-2019-14946 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A |
| The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. | ||||
| CVE-2019-14945 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A |
| The ultimate-member plugin before 2.0.54 for WordPress has XSS. | ||||
| CVE-2019-14943 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. | ||||
| CVE-2019-14930 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.) | ||||
| CVE-2019-14928 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2024-11-21 | 5.4 Medium |
| An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page. | ||||
| CVE-2019-14926 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites. | ||||
| CVE-2019-14919 | 1 Billion | 2 Sg600 R2, Sg600 R2 Firmware | 2024-11-21 | 7.8 High |
| An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device. | ||||
| CVE-2019-14918 | 1 Billion | 2 Sg600 R2, Sg600 R2 Firmware | 2024-11-21 | 5.4 Medium |
| XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an attacker to inject arbitrary HTML/JavaScript code to achieve client-side code execution via crafted DHCP request packets to etc_ro/web/internet/dhcpcliinfo.asp. | ||||