Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19661 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. | |||||
| CVE-2019-19632 | 1 Bigswitch | 3 Big Cloud Fabric, Big Monitoring Fabric, Multi-cloud Director | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the context of authenticated administrators. | |||||
| CVE-2019-19619 | 1 Documize | 1 Documize | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS. | |||||
| CVE-2019-19615 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple XSS vulnerabilities exist in the Backup & Restore module v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and embed malicious XSS code via a link. When another user (such as an admin) clicks the link, the XSS payload will render and execute in the context of the victim user's account. | |||||
| CVE-2019-19612 | 1 Halvotec | 1 Raquest | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several features of the application allow stored Cross-site Scripting (XSS). Fixed in Release 24.2020.20608.0. | |||||
| CVE-2019-19596 | 1 Gitbook | 1 Gitbook | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| GitBook through 2.6.9 allows XSS via a local .md file. | |||||
| CVE-2019-19592 | 1 Jamasoftware | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting. | |||||
| CVE-2019-19587 | 1 Wso2 | 1 Enterprise Integrator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console. | |||||
| CVE-2019-19552 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the /admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account. | |||||
| CVE-2019-19551 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account. | |||||
| CVE-2019-19547 | 2 Fedoraproject, Symantec | 2 Fedora, Endpoint Detection And Response | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2019-19542 | 1 Cridio | 1 Listingpro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page. | |||||
| CVE-2019-19541 | 1 Cridio | 1 Listingpro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. | |||||
| CVE-2019-19540 | 1 Cridio | 1 Listingpro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. | |||||
| CVE-2019-19515 | 1 Ayision | 2 Ays-wr01, Ays-wr01 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings. | |||||
| CVE-2019-19514 | 1 Ayision | 2 Ays-wr01, Ays-wr01 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID. | |||||
| CVE-2019-19500 | 1 Matrix42 | 1 Workspace Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software. | |||||
| CVE-2019-19497 | 1 Altn | 1 Mdaemon Email Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message. | |||||
| CVE-2019-19496 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. | |||||
| CVE-2019-19491 | 1 Testlink | 1 Testlink | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request. | |||||
