Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17523 | 1 Technicolor | 2 Tc7300.b0, Tc7300.b0 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. | |||||
| CVE-2019-17522 | 1 Hotarucms | 1 Hotarucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1. | |||||
| CVE-2019-17515 | 1 Cleantalk | 1 Spam Protection\, Antispam\, Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | |||||
| CVE-2019-17504 | 1 Kirona | 1 Dynamic Resource Scheduling | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter. | |||||
| CVE-2019-17496 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion. | |||||
| CVE-2019-17494 | 1 Laravel-bjyblog Project | 1 Laravel-bjyblog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| laravel-bjyblog 6.1.1 has XSS via a crafted URL. | |||||
| CVE-2019-17493 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. | |||||
| CVE-2019-17491 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. | |||||
| CVE-2019-17489 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. | |||||
| CVE-2019-17488 | 1 B3log | 1 Symphony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | |||||
| CVE-2019-17434 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. | |||||
| CVE-2019-17433 | 1 Laravel-admin | 1 Laravel-admin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. | |||||
| CVE-2019-17432 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. | |||||
| CVE-2019-17430 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | |||||
| CVE-2019-17427 | 1 Redmine | 1 Redmine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. | |||||
| CVE-2019-17417 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. | |||||
| CVE-2019-17409 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter. | |||||
| CVE-2019-17405 | 1 Nokia | 1 Impact | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nokia IMPACT < 18A: has Reflected self XSS | |||||
| CVE-2019-17385 | 1 Eleopard | 1 Animate It\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The animate-it plugin before 2.3.5 for WordPress has XSS. | |||||
| CVE-2019-17384 | 1 Eleopard | 1 Animate It\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The animate-it plugin before 2.3.4 for WordPress has XSS. | |||||