Total
41753 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8649 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2019-8625 | 2 Apple, Webkitgtk | 3 Icloud, Itunes, Webkitgtk\+ | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2019-8551 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2019-8505 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting. | |||||
| CVE-2019-8450 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field. | |||||
| CVE-2019-8444 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification. | |||||
| CVE-2019-8440 | 1 Dilicms | 1 Dilicms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. | |||||
| CVE-2019-8439 | 1 Dilicms | 1 Dilicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. | |||||
| CVE-2019-8438 | 1 Dilicms | 1 Dilicms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. | |||||
| CVE-2019-8436 | 1 Txjia | 1 Imcat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. | |||||
| CVE-2019-8435 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | |||||
| CVE-2019-8434 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. | |||||
| CVE-2019-8432 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. | |||||
| CVE-2019-8426 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. | |||||
| CVE-2019-8425 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. | |||||
| CVE-2019-8419 | 1 Vnote Project | 1 Vnote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| VNote 2.2 has XSS via a new text note. | |||||
| CVE-2019-8410 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | |||||
| CVE-2019-8400 | 1 Ory | 1 Hydra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. | |||||
| CVE-2019-8391 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter. | |||||
| CVE-2019-8390 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter. | |||||