Export limit exceeded: 44248 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44248 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11522 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.10.0 to 7.10.2 allows XSS. | ||||
| CVE-2019-11513 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. | ||||
| CVE-2019-11511 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API. | ||||
| CVE-2019-11507 | 1 Ivanti | 1 Connect Secure | 2024-11-21 | 6.1 Medium |
| In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. | ||||
| CVE-2019-11504 | 1 Zotonic | 1 Zotonic | 2024-11-21 | N/A |
| Zotonic before version 0.47 has mod_admin XSS. | ||||
| CVE-2019-11464 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 6.1 Medium |
| Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoint, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2 . They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092). | ||||
| CVE-2019-11454 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.1 Medium |
| Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. | ||||
| CVE-2019-11429 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen. | ||||
| CVE-2019-11427 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. | ||||
| CVE-2019-11426 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. | ||||
| CVE-2019-11408 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | N/A |
| XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX. | ||||
| CVE-2019-11406 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | N/A |
| Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. | ||||
| CVE-2019-11398 | 1 Ulicms | 1 Ulicms | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon. | ||||
| CVE-2019-11370 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2024-11-21 | N/A |
| Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. | ||||
| CVE-2019-11368 | 1 Auo | 1 Solar Data Recorder | 2024-11-21 | N/A |
| Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter. | ||||
| CVE-2019-11358 | 11 Backdropcms, Debian, Drupal and 8 more | 114 Backdrop, Debian Linux, Drupal and 111 more | 2024-11-21 | 6.1 Medium |
| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | ||||
| CVE-2019-11345 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2024-11-21 | 6.1 Medium |
| Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS. | ||||
| CVE-2019-11318 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 5.4 Medium |
| Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. | ||||
| CVE-2019-11281 | 4 Debian, Fedoraproject, Pivotal Software and 1 more | 5 Debian Linux, Fedora, Rabbitmq and 2 more | 2024-11-21 | 4.8 Medium |
| Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information. | ||||
| CVE-2019-11274 | 1 Cloudfoundry | 1 User Account And Authentication | 2024-11-21 | 6.1 Medium |
| Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute. | ||||