Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20181 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter. | |||||
| CVE-2019-20174 | 1 Auth0 | 1 Lock | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. | |||||
| CVE-2019-20173 | 1 Auth0 | 1 Login By Auth0 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. | |||||
| CVE-2019-20154 | 1 Determine | 1 Contract Lifecycle Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2019-20152 | 1 Treasuryxpress | 1 Treasuryxpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application. | |||||
| CVE-2019-20151 | 1 Treasuryxpress | 1 Treasuryxpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s). | |||||
| CVE-2019-20141 | 1 Laborator | 1 Neon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. | |||||
| CVE-2019-20139 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user. | |||||
| CVE-2019-20102 | 1 Atlassian | 1 Confluence Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter. | |||||
| CVE-2019-20076 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). | |||||
| CVE-2019-20075 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). | |||||
| CVE-2019-20073 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). | |||||
| CVE-2019-20072 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). | |||||
| CVE-2019-20070 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). | |||||
| CVE-2019-20058 | 1 Boltcms | 1 Bolt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040. | |||||
| CVE-2019-20042 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. | |||||
| CVE-2019-20008 | 1 Archerysec | 1 Archery | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. | |||||
| CVE-2019-20003 | 1 Dicube | 1 Easescreen Crystal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authentication. | |||||
| CVE-2019-1973 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file content stored on the affected device. An attacker could exploit this vulnerability by modifying a log file with malicious code and getting a user to view the modified log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. | |||||
| CVE-2019-1956 | 1 Cisco | 2 Spa112 2-port Phone Adapter, Spa112 2-port Phone Adapter Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by inserting malicious code in one of the configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
