Search Results (44253 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11992 | 1 Hp | 1 Oneview For Vmware Vcenter | 2024-11-21 | 6.1 Medium |
| A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting. | ||||
| CVE-2019-11982 | 1 Hp | 39 Integrated Lights-out 4 Firmware, Integrated Lights-out 5 Firmware, Proliant Bl460c Gen10 and 36 more | 2024-11-21 | N/A |
| A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. | ||||
| CVE-2019-11947 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11946 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11928 | 1 Whatsapp | 1 Whatsapp Desktop | 2024-11-21 | 6.1 Medium |
| An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message. | ||||
| CVE-2019-11898 | 1 Bosch | 1 Access | 2024-11-21 | 9.9 Critical |
| Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. | ||||
| CVE-2019-11877 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2024-11-21 | N/A |
| XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID. | ||||
| CVE-2019-11876 | 2 Drupal, Prestashop | 2 Drupal, Prestashop | 2024-11-21 | N/A |
| In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link. | ||||
| CVE-2019-11871 | 1 Custom Field Suite Project | 1 Custom Field Suite | 2024-11-21 | N/A |
| The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins. | ||||
| CVE-2019-11870 | 1 S9y | 1 Serendipity | 2024-11-21 | N/A |
| Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. | ||||
| CVE-2019-11869 | 1 Yuzopro | 1 Yuzo | 2024-11-21 | N/A |
| The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting. | ||||
| CVE-2019-11846 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| /servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. | ||||
| CVE-2019-11845 | 1 Ricoh | 2 Sp 4510dn, Sp 4510dn Firmware | 2024-11-21 | N/A |
| An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | ||||
| CVE-2019-11844 | 1 Ricoh | 2 Sp 4520dn, Sp 4520dn Firmware | 2024-11-21 | N/A |
| An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. | ||||
| CVE-2019-11828 | 1 Synology | 1 Office | 2024-11-21 | 5.5 Medium |
| Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-11827 | 1 Synology | 1 Note Station | 2024-11-21 | 6.5 Medium |
| Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. | ||||
| CVE-2019-11825 | 1 Synology | 1 Calendar | 2024-11-21 | 6.5 Medium |
| Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | ||||
| CVE-2019-11818 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A |
| Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded. | ||||
| CVE-2019-11814 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot. | ||||
| CVE-2019-11813 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links. | ||||