Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 39597 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-25015 1 Openwrt 1 Openwrt 2024-11-21 3.5 LOW 5.4 MEDIUM
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
CVE-2019-25011 1 Netbox 1 Netbox 2024-11-21 3.5 LOW 5.4 MEDIUM
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.
CVE-2019-20903 1 Atlassian 1 Editor-core 2024-11-21 3.5 LOW 5.4 MEDIUM
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.
CVE-2019-20900 1 Atlassian 2 Jira Data Center, Jira Server 2024-11-21 3.5 LOW 4.8 MEDIUM
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.
CVE-2019-20803 1 Gilacms 1 Gila Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
CVE-2019-20802 1 Readdle 1 Documents 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker.
CVE-2019-20798 1 Cherokee-project 1 Cherokee 2024-11-21 6.0 MEDIUM 8.4 HIGH
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.
CVE-2019-20789 1 Croogo 1 Croogo 2024-11-21 3.5 LOW 4.8 MEDIUM
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
CVE-2019-20768 1 Servicenow 1 It Service Management 2024-11-21 3.5 LOW 5.4 MEDIUM
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.
CVE-2019-20759 1 Netgear 2 R9000, R9000 Firmware 2024-11-21 2.9 LOW 5.2 MEDIUM
NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.
CVE-2019-20756 1 Netgear 36 Ex3700, Ex3700 Firmware, Ex3800 and 33 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before 1.0.0.30, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, R8300 before 1.0.2.94, R7300DST before 1.0.0.62, R7000P before 1.3.0.20, R6900P before 1.3.0.20, R6400 before 1.0.1.32, R6300v2 before 1.0.4.24, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.18, and WN2500RPv2 before 1.0.1.52.
CVE-2019-20752 1 Netgear 40 D3600, D3600 Firmware, D6000 and 37 more 2024-11-21 3.5 LOW 4.8 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
CVE-2019-20750 1 Netgear 20 D7800, D7800 Firmware, Ex6100 and 17 more 2024-11-21 3.5 LOW 4.8 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66.
CVE-2019-20749 1 Netgear 20 D7800, D7800 Firmware, Ex6100 and 17 more 2024-11-21 3.5 LOW 4.8 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66.
CVE-2019-20746 1 Netgear 40 D3600, D3600 Firmware, D6000 and 37 more 2024-11-21 3.5 LOW 4.8 MEDIUM
Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
CVE-2019-20743 1 Netgear 2 Wac510, Wac510 Firmware 2024-11-21 2.9 LOW 5.2 MEDIUM
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.
CVE-2019-20742 1 Netgear 2 Wac510, Wac510 Firmware 2024-11-21 2.9 LOW 5.2 MEDIUM
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.
CVE-2019-20738 1 Netgear 50 D6100, D6100 Firmware, D7800 and 47 more 2024-11-21 3.5 LOW 5.4 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 before 1.2.0.14, R6900v2 before 1.2.0.14, R7500v2 before 1.0.3.26, R7800 before 1.0.2.46, R9000 before 1.0.4.2, WN3000RPv2 before 1.0.0.52, WN3000RPv3 before 1.0.2.78, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.50, WNR2000v5 before 1.0.0.64, WNR2020 before 1.1.0.50, and WNR2050 before 1.1.0.50. NOTE: this may be a result of an incomplete fix for CVE-2017-18866.
CVE-2019-20721 1 Netgear 38 D7800, D7800 Firmware, Ex2700 and 35 more 2024-11-21 3.5 LOW 4.8 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.66, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.
CVE-2019-20720 1 Netgear 20 D3600, D3600 Firmware, D6000 and 17 more 2024-11-21 3.5 LOW 4.8 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D7800 before 1.0.1.47, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66.