Search Results (44243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2019-11203 | 1 Tibco | 2 Activematrix Business Process Management, Silver Fabric Enabler | 2024-11-21 | 6.1 Medium | The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain cross site scripting (XSS) and cross-site request forgery vulnerabilities. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1. |
| CVE-2019-11199 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | N/A | Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type. |
| CVE-2019-11198 | 1 Sitecore | 1 Cms | 2024-11-21 | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes field, (4) I#316995 - Icon Selection module, (5) #317000 - Latitude field, (6) #317000 - Longitude field, (7) #317017 - UploadPackage2.aspx module, (8) #317072 - Context menu, or (9) I#317073 - Insert from Template dialog. |
| CVE-2019-11132 | 1 Intel | 1 Active Management Technology Firmware | 2024-11-21 | 8.4 High | Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access. |
| CVE-2019-11084 | 1 Gbraad | 1 Gauth | 2024-11-21 | N/A | GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and discloses cookies. |
| CVE-2019-11033 | 1 Applaudsolutions | 1 Applaud Hcm | 2024-11-21 | N/A | Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. This leads to an XSS vulnerability with a payload starting with the `<iframe./>` substring. |
| CVE-2019-11032 | 1 Hr-technologies | 1 Easytorecruit | 2024-11-21 | N/A | In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations. |
| CVE-2019-11030 | 1 Mirasys | 1 Mirasys Vms | 2024-11-21 | N/A | Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available. |
| CVE-2019-11025 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 5.4 Medium | In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. |
| CVE-2019-11017 | 1 Dlink | 2 Di-524, Di-524 Firmware | 2024-11-21 | 4.8 Medium | On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter. |
| CVE-2019-11004 | 1 Materializecss | 1 Materialize | 2024-11-21 | N/A | In Materialize through 1.0.0, XSS is possible via the Toast feature. |
| CVE-2019-11003 | 1 Materializecss | 1 Materialize | 2024-11-21 | N/A | In Materialize through 1.0.0, XSS is possible via the Autocomplete feature. |
| CVE-2019-11002 | 1 Materializecss | 1 Materialize | 2024-11-21 | N/A | In Materialize through 1.0.0, XSS is possible via the Tooltip feature. |
| CVE-2019-10995 | 1 Abb | 16 Cp651, Cp651-web, Cp651-web Firmware and 13 more | 2024-11-21 | 8.8 High | ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. |
| CVE-2019-10990 | 1 Redlion | 1 Crimson | 2024-11-21 | 6.5 Medium | Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. |
| CVE-2019-10979 | 1 Sick | 2 Msc800, Msc800 Firmware | 2024-11-21 | N/A | SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. |
| CVE-2019-10957 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 4.8 Medium | Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user's browser. |
| CVE-2019-10933 | 1 Siemens | 4 Spectrum Power 3, Spectrum Power 4, Spectrum Power 5 and 1 more | 2024-11-21 | N/A | A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. |
| CVE-2019-10920 | 1 Siemens | 2 Logo!8 Bm, Logo!8 Bm Firmware | 2024-11-21 | 7.5 High | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. |
| CVE-2019-10913 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | N/A | In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to symfony/http-foundation. |