Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14667 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description field and the asset account name. The JavaScript code is executed during a convert transaction action. | |||||
| CVE-2019-14653 | 1 Ipandao | 1 Editor.md | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. | |||||
| CVE-2019-14652 | 1 Amazon | 1 Aws Javascript S3 Explorer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances. | |||||
| CVE-2019-14550 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus helping him steal victims' cookies (hence compromising their accounts). | |||||
| CVE-2019-14549 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies when someone visits the publicly accessible link. | |||||
| CVE-2019-14548 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScript inside the body of the article, thus helping him steal victims' cookies (hence compromising their accounts). | |||||
| CVE-2019-14547 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when an attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could inject the JavaScript inside the filename and send it to users, thus helping him steal victims' cookies (hence compromising their accounts). | |||||
| CVE-2019-14546 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, which fires when the victim replies or forwards the mail, thus helping him steal victims' cookies (hence compromising their accounts). | |||||
| CVE-2019-14518 | 1 Modx | 1 Evolution Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel." | |||||
| CVE-2019-14517 | 1 Editor.md Project | 1 Editor.md | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| pandao Editor.md 1.5.0 allows XSS via the Javascript: string. | |||||
| CVE-2019-14512 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php. | |||||
| CVE-2019-14478 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose "Display Name" contains an XSS payload. | |||||
| CVE-2019-14472 | 1 Zurmo | 1 Zurmo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. | |||||
| CVE-2019-14471 | 1 Testlink | 1 Testlink | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TestLink 1.9.19 has XSS via the error.php message parameter. | |||||
| CVE-2019-14470 | 2 Instagram-php-api Project, Userproplugin | 2 Instagram-php-api, User Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. | |||||
| CVE-2019-14469 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. | |||||
| CVE-2019-14456 | 1 Opengear | 1 Opengear | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server. | |||||
| CVE-2019-14449 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting (XSS) when viewed within this product. | |||||
| CVE-2019-14427 | 1 Webstudio | 1 Ultimate Loan Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code. | |||||
| CVE-2019-14415 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to. | |||||
