Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7299 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php. | |||||
| CVE-2019-7296 | 1 Typora | 1 Typora | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula. | |||||
| CVE-2019-7295 | 1 Typora | 1 Typora | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. | |||||
| CVE-2019-7255 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Linear eMerge E3-Series devices allow XSS. | |||||
| CVE-2019-7250 | 1 Cross Reference Project | 1 Cross Reference | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin. | |||||
| CVE-2019-7223 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. The XSS payload is rendered at an index.php/invoices/view/## URI. NOTE: this is different from CVE-2018-12255. | |||||
| CVE-2019-7220 | 1 Qualiteam | 1 X-cart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter. | |||||
| CVE-2019-7219 | 1 Zarafa | 1 Webaccess | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead. | |||||
| CVE-2019-7211 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment. | |||||
| CVE-2019-7197 | 1 Qnap | 1 Qts | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version. | |||||
| CVE-2019-7185 | 1 Qnap | 2 Music Station, Qts | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions. | |||||
| CVE-2019-7184 | 1 Qnap | 2 Qts, Video Station | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. | |||||
| CVE-2019-7173 | 1 Croogo | 1 Croogo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. | |||||
| CVE-2019-7172 | 1 Atutor | 1 Atutor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | |||||
| CVE-2019-7171 | 1 Croogo | 1 Croogo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | |||||
| CVE-2019-7170 | 1 Croogo | 1 Croogo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. | |||||
| CVE-2019-7169 | 1 Croogo | 1 Croogo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. | |||||
| CVE-2019-7168 | 1 Croogo | 1 Croogo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. | |||||
| CVE-2019-7129 | 1 Adobe | 1 Experience Manager Forms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2019-7092 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure . | |||||