Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10047 | 1 Pydio | 1 Pydio | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be used to access the uploaded file. If a malicious user shares an uploaded HTML file containing JavaScript code with another user of the application, and tricks an authenticated victim into accessing a URL that results in the HTML code being interpreted by the web browser, then the included JavaScript code is executed under the context of the victim user session. | |||||
| CVE-2019-10027 | 1 Phpcms | 1 Phpcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. | |||||
| CVE-2019-10017 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker. | |||||
| CVE-2019-10016 | 1 Gforge | 1 Advanced Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. | |||||
| CVE-2019-10010 | 1 Thephpleague | 1 Commonmark | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583. | |||||
| CVE-2019-1020019 | 1 Inveniosoftware | 1 Invenio-previewer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| invenio-previewer before 1.0.0a12 allows XSS. | |||||
| CVE-2019-1020010 | 1 Misskey | 1 Misskey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Misskey before 10.102.4 allows hijacking a user's token. | |||||
| CVE-2019-1020008 | 1 Stacktable.js Project | 1 Stacktable.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| stacktable.js before 1.0.4 allows XSS. | |||||
| CVE-2019-1020007 | 1 Owasp | 1 Dependency-track | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dependency-Track before 3.5.1 allows XSS. | |||||
| CVE-2019-1020005 | 1 Inveniosoftware | 1 Invenio-communities | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| invenio-communities before 1.0.0a20 allows XSS. | |||||
| CVE-2019-1020003 | 1 Inveniosoftware | 1 Invenio-records | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| invenio-records before 1.2.2 allows XSS. | |||||
| CVE-2019-1010314 | 1 Gitea | 1 Gitea | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page. | |||||
| CVE-2019-1010307 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a ticket , 2- Admin opens another ticket and click on the "Link Tickets" feature, 3- a request to the endpoint fetches js and executes it. | |||||
| CVE-2019-1010287 | 1 Timesheet Next Gen Project | 1 Timesheet Next Gen | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url. | |||||
| CVE-2019-1010261 | 1 Gitea | 1 Gitea | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically crafted URL. The fixed version is: 1.7.1 and later. | |||||
| CVE-2019-1010247 | 1 Openidc | 1 Mod Auth Openidc | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2. | |||||
| CVE-2019-1010237 | 1 Ilias | 1 Ilias | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12. | |||||
| CVE-2019-1010235 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets. | |||||
| CVE-2019-1010207 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16. | |||||
| CVE-2019-1010199 | 1 Servicestack | 1 Servicestack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and If Browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0. | |||||