Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14949 | 1 Wpseeds | 1 Wp Database Backup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-database-backup plugin before 5.1.2 for WordPress has XSS. | |||||
| CVE-2019-14948 | 1 Najeebmedia | 1 Ppom For Woocommerce | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. | |||||
| CVE-2019-14947 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. | |||||
| CVE-2019-14946 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. | |||||
| CVE-2019-14945 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The ultimate-member plugin before 2.0.54 for WordPress has XSS. | |||||
| CVE-2019-14928 | 2 Inea, Mitsubishielectric | 4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page. | |||||
| CVE-2019-14918 | 1 Billion | 2 Sg600 R2, Sg600 R2 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an attacker to inject arbitrary HTML/JavaScript code to achieve client-side code execution via crafted DHCP request packets to etc_ro/web/internet/dhcpcliinfo.asp. | |||||
| CVE-2019-14915 | 1 Prise | 1 Adas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. | |||||
| CVE-2019-14913 | 1 Prise | 1 Adas | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. | |||||
| CVE-2019-14911 | 1 Prise | 1 Adas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. | |||||
| CVE-2019-14884 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages. | |||||
| CVE-2019-14881 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed. | |||||
| CVE-2019-14863 | 2 Angularjs, Redhat | 3 Angular.js, Decision Manager, Process Automation | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | |||||
| CVE-2019-14862 | 3 Knockoutjs, Oracle, Redhat | 5 Knockout, Business Intelligence, Goldengate and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | |||||
| CVE-2019-14849 | 1 Redhat | 1 3scale | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information. | |||||
| CVE-2019-14807 | 1 Mediawiki | 1 Mobilefrontend | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. | |||||
| CVE-2019-14805 | 1 Una | 1 Una | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. | |||||
| CVE-2019-14804 | 1 Una | 1 Una | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. | |||||
| CVE-2019-14799 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | |||||
| CVE-2019-14797 | 1 10web | 1 Photo Gallery | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. | |||||