Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7567 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter. | |||||
| CVE-2019-7554 | 1 Api Based Travel Booking Project | 1 Api Based Travel Booking | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter. | |||||
| CVE-2019-7553 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field. | |||||
| CVE-2019-7552 | 1 Investment Mlm Software Project | 1 Investment Mlm Software | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section. | |||||
| CVE-2019-7551 | 1 Cantemo | 1 Portal | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
| Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app. | |||||
| CVE-2019-7547 | 1 Topnew | 1 Sidu | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS. | |||||
| CVE-2019-7546 | 1 Topnew | 1 Sidu | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php page has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7545 | 1 Dbninja | 1 Dbninja | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field. | |||||
| CVE-2019-7544 | 1 Mywebsql | 1 Mywebsql | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MyWebSQL 3.7. The Add User function of the User Manager pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name Field. | |||||
| CVE-2019-7543 | 1 Kindsoft | 1 Kindeditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7541 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring. | |||||
| CVE-2019-7438 | 1 Jio | 2 Jiofi 4g M2s, Jiofi 4g M2s Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. | |||||
| CVE-2019-7437 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. | |||||
| CVE-2019-7435 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. | |||||
| CVE-2019-7432 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. | |||||
| CVE-2019-7430 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. | |||||
| CVE-2019-7427 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter. | |||||
| CVE-2019-7426 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter. | |||||
| CVE-2019-7425 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. | |||||
| CVE-2019-7424 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903. | |||||