Total
41742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18883 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | |||||
| CVE-2019-18882 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | |||||
| CVE-2019-18881 | 1 Wso2 | 1 Identity Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | |||||
| CVE-2019-18873 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 8.5 HIGH | 9.0 CRITICAL |
| FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php. | |||||
| CVE-2019-18859 | 1 Digi | 2 Anywhereusb\/14, Anywhereusb\/14 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. | |||||
| CVE-2019-18857 | 1 Svg-sanitizer Project | 1 Svg-sanitizer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. | |||||
| CVE-2019-18842 | 1 Usriot | 8 Usr-wifi232-g2, Usr-wifi232-g2 Firmware, Usr-wifi232-h and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID. | |||||
| CVE-2019-18839 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 8.5 HIGH | 9.0 CRITICAL |
| FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | |||||
| CVE-2019-18834 | 1 Woocommerce | 1 Subscriptions | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php. | |||||
| CVE-2019-18816 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. | |||||
| CVE-2019-18793 | 1 Parallels | 1 Parallels Plesk Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | |||||
| CVE-2019-18791 | 1 Lexmark | 160 6500e, 6500e Firmware, C734 and 157 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser. | |||||
| CVE-2019-18667 | 1 Pfsense | 1 Pfsense-pkg-freeradius3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser. | |||||
| CVE-2019-18664 | 1 Secudos | 1 Domos | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Log module in SECUDOS DOMOS before 5.6 allows XSS. | |||||
| CVE-2019-18656 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. | |||||
| CVE-2019-18654 | 2 Avg, Microsoft | 2 Anti-virus, Windows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | |||||
| CVE-2019-18653 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | |||||
| CVE-2019-18652 | 1 Watchguard | 2 Xmt515, Xmt515 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362). | |||||
| CVE-2019-18649 | 1 Untangle | 1 Ng Firewall | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | |||||
| CVE-2019-18648 | 1 Untangle | 1 Ng Firewall | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | |||||