Export limit exceeded: 338254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10214 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44262 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14406 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | ||||
| CVE-2019-14390 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | ||||
| CVE-2019-14387 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | ||||
| CVE-2019-14386 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | ||||
| CVE-2019-14364 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter. | ||||
| CVE-2019-14350 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A |
| EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation. | ||||
| CVE-2019-14349 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A |
| EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the api/v1/Document functionality for storing documents in the account tab. An attacker can upload a crafted file that contains JavaScript code in its name. This code will be executed when a user opens a page of any profile with this. | ||||
| CVE-2019-14344 | 1 Vocabularyserver | 1 Tematres | 2024-11-21 | 6.1 Medium |
| TemaTres 3.0 has reflected XSS via the replace_string or search_string parameter to the vocab/admin.php?doAdmin=bulkReplace URI. | ||||
| CVE-2019-14343 | 1 Vocabularyserver | 1 Tematres | 2024-11-21 | 5.4 Medium |
| TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI. | ||||
| CVE-2019-14338 | 1 Dlink | 4 6600-ap, 6600-ap Firmware, Dwl-3600ap and 1 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface. | ||||
| CVE-2019-14331 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A |
| An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create User. A malicious attacker can modify the firstName and lastName to contain JavaScript code. | ||||
| CVE-2019-14330 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A |
| An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due to lack of filtration of user-supplied data in Create Case. A malicious attacker can modify the firstName and lastName to contain JavaScript code. | ||||
| CVE-2019-14329 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A |
| An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code. | ||||
| CVE-2019-14315 | 1 Sunhater | 1 Kcfinder | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter. | ||||
| CVE-2019-14309 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2024-11-21 | 7.5 High |
| Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. | ||||
| CVE-2019-14298 | 1 Veeam | 1 One Reporter | 2024-11-21 | N/A |
| Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx. | ||||
| CVE-2019-14297 | 1 Veeam | 1 One Reporter | 2024-11-21 | N/A |
| Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx. | ||||
| CVE-2019-14286 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability. | ||||
| CVE-2019-14272 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 5.4 Medium |
| In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. | ||||
| CVE-2019-14228 | 1 Angry-frog | 1 Xavier | 2024-11-21 | N/A |
| Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF protection on the admin/includes/adminprocess.php endpoint, an attacker is able to chain the XSS with CSRF in order to cause remote exploitation. | ||||