Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19466 | 1 Sceditor | 1 Sceditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SCEditor 2.1.3 allows XSS. | |||||
| CVE-2019-19461 | 1 Teampasswordmanager | 1 Team Password Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title. | |||||
| CVE-2019-19457 | 1 Saltosystem | 1 Proaccess Space | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SALTO ProAccess SPACE 5.4.3.0 allows XSS. | |||||
| CVE-2019-19456 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0. | |||||
| CVE-2019-19453 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user with access to proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5. | |||||
| CVE-2019-19394 | 1 Northern.tech | 1 Cfengine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0. | |||||
| CVE-2019-19393 | 1 Rittal | 2 Cmc Pu Iii 7030.000, Cmc Pu Iii 7030.000 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session. | |||||
| CVE-2019-19390 | 1 Matrix42 | 1 Workspace Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues. | |||||
| CVE-2019-19388 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. | |||||
| CVE-2019-19387 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. | |||||
| CVE-2019-19386 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. | |||||
| CVE-2019-19385 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. | |||||
| CVE-2019-19384 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. | |||||
| CVE-2019-19381 | 1 Abacus | 1 Abacus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message. | |||||
| CVE-2019-19371 | 1 Mitel | 1 Micollab Audio, Web & Video Conferencing | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2019-19370 | 1 Mitel | 1 Micollab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2019-19368 | 1 Maxum | 1 Rumpus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability was discovered in the login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary JavaScript. | |||||
| CVE-2019-19367 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2019-19366 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | |||||
| CVE-2019-19336 | 2 Ovirt, Redhat | 2 Ovirt-engine, Virtualization | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session. | |||||
