Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17223 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. | |||||
| CVE-2019-17222 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). | |||||
| CVE-2019-17220 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | |||||
| CVE-2019-17214 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI. | |||||
| CVE-2019-17213 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header. | |||||
| CVE-2019-17207 | 1 Managewp | 1 Broken Link Checker | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action. | |||||
| CVE-2019-17205 | 1 Teampass | 1 Teampass | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | |||||
| CVE-2019-17204 | 1 Teampass | 1 Teampass | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | |||||
| CVE-2019-17203 | 1 Teampass | 1 Teampass | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | |||||
| CVE-2019-17189 | 1 Totemo | 1 Totemodata | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| totemodata 3.0.0_b936 has XSS via a folder name. | |||||
| CVE-2019-17179 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| 4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1 | |||||
| CVE-2019-17176 | 1 Genesys | 1 Eservices Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). | |||||
| CVE-2019-17127 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation. | |||||
| CVE-2019-17125 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. | |||||
| CVE-2019-17121 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. | |||||
| CVE-2019-17120 | 1 Wikidsystems | 1 2fa Enterprise Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-site scripting occurs immediately after the user is created. The malicious script is stored and will be executed whenever /WiKIDAdmin/adm_usrs.jsp is visited. | |||||
| CVE-2019-17116 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately after the group is created. The malicious script is stored and will be executed again whenever /WiKIDAdmin/groups.jsp is visited. | |||||
| CVE-2019-17115 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displayed, unsanitized, on Logs.jsp. A remote attack can populate the rendered_message column with malicious values via: (1) H parameter to /wikid/servlet/com.wikidsystems.server.GetDomainHash (2) S parameter to: - /wikid/DomainData - /wikid/PreRegisterLookup - /wikid/PreRegister - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES (3) a parameter to: - /wikid/PreRegisterLookup - /wikid/InitDevice - /wikid/servlet/InitDevice2S - /wikid/servlet/InitDevice3S - /servlet/com.wikidsystems.server.InitDevice2S - /servlet/com.wikidsystems.server.InitDevice3S - /servlet/com.wikidsystems.server.InitDevice4S - /wikid/servlet/com.wikidsystems.server.InitDevice4AES - /wikid/servlet/com.wikidsystems.server.InitDevice5AES. | |||||
| CVE-2019-17114 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scripting occurs immediately after a .csv file is uploaded. The malicious script is stored and can be executed again when the List Pre-Registration functionality is used. | |||||
| CVE-2019-17108 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | |||||