Total
41741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16703 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. | |||||
| CVE-2019-16688 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.) | |||||
| CVE-2019-16687 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. | |||||
| CVE-2019-16686 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin. | |||||
| CVE-2019-16685 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation. | |||||
| CVE-2019-16684 | 1 Xoops | 1 Xoops | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes. | |||||
| CVE-2019-16683 | 1 Xoops | 1 Xoops | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes. | |||||
| CVE-2019-16681 | 1 Traveloka | 1 Traveloka | 2024-11-21 | 2.6 LOW | 4.7 MEDIUM |
| The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application. | |||||
| CVE-2019-16665 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. | |||||
| CVE-2019-16664 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. | |||||
| CVE-2019-16661 | 1 Digimute | 1 Ogma Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Ogma CMS 0.5 has XSS via creation of a new blog. | |||||
| CVE-2019-16657 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. | |||||
| CVE-2019-16643 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. | |||||
| CVE-2019-16564 | 1 Jenkins | 1 Pipeline Aggregator View | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names. | |||||
| CVE-2019-16563 | 1 Jenkins | 1 Mission Control | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties. | |||||
| CVE-2019-16562 | 1 Jenkins | 1 Buildgraph-view | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions. | |||||
| CVE-2019-16534 | 1 Draytek | 8 Vigor2925 Firmware, Vigor2925ac, Vigor2925fn and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. | |||||
| CVE-2019-16533 | 1 Draytek | 8 Vigor2925 Firmware, Vigor2925ac, Vigor2925fn and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. | |||||
| CVE-2019-16525 | 1 Checklist | 1 Checklist | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. | |||||
| CVE-2019-16524 | 1 Status301 | 1 Easy Fancybox | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter. | |||||