Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12507 | 1 Phprelativepath Project | 1 Phprelativepath | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter. | |||||
| CVE-2019-12475 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. | |||||
| CVE-2019-12471 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | |||||
| CVE-2019-12461 | 1 Webport | 1 Web Port | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Web Port 1.19.1 allows XSS via the /log type parameter. | |||||
| CVE-2019-12460 | 1 Webport | 1 Web Port | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Web Port 1.19.1 allows XSS via the /access/setup type parameter. | |||||
| CVE-2019-12453 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. | |||||
| CVE-2019-12445 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. | |||||
| CVE-2019-12444 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. | |||||
| CVE-2019-12442 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. | |||||
| CVE-2019-12427 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console. | |||||
| CVE-2019-12417 | 1 Apache | 1 Airflow | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. | |||||
| CVE-2019-12407 | 1 Apache | 1 Jspwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | |||||
| CVE-2019-12404 | 1 Apache | 1 Jspwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | |||||
| CVE-2019-12398 | 1 Apache | 1 Airflow | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. | |||||
| CVE-2019-12397 | 1 Apache | 1 Ranger | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix. | |||||
| CVE-2019-12386 | 1 Ampache | 1 Ampache | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker. | |||||
| CVE-2019-12370 | 1 Readdle | 1 Spark | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | |||||
| CVE-2019-12369 | 1 Typeapp | 1 Typeapp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | |||||
| CVE-2019-12368 | 1 Edison | 1 Edison Mail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | |||||
| CVE-2019-12367 | 1 Blixhq | 1 Bluemail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | |||||