Total: 43561 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2019-20182 | 1 Fooplugins | 1 Foogallery | 2024-11-21 | 4.8 Medium | The FooGallery plugin 1.8.12 for WordPress allows XSS via the post_title parameter. |
| CVE-2019-20181 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | 4.8 Medium | The awesome-support plugin 5.8.0 for WordPress allows XSS via the post_title parameter. |
| CVE-2019-20174 | 1 Auth0 | 1 Lock | 2024-11-21 | 6.1 Medium | Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. |
| CVE-2019-20173 | 1 Auth0 | 1 Login By Auth0 | 2024-11-21 | 6.1 Medium | The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. |
| CVE-2019-20154 | 1 Determine | 1 Contract Lifecycle Management | 2024-11-21 | 6.1 Medium | An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2019-20152 | 1 Treasuryxpress | 1 Treasuryxpress | 2024-11-21 | 6.1 Medium | An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application. |
| CVE-2019-20151 | 1 Treasuryxpress | 1 Treasuryxpress | 2024-11-21 | 6.1 Medium | An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s). |
| CVE-2019-20141 | 1 Laborator | 1 Neon | 2024-11-21 | 6.1 Medium | An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. |
| CVE-2019-20139 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium | In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user. |
| CVE-2019-20102 | 1 Atlassian | 1 Confluence Server | 2024-11-21 | 6.1 Medium | The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter. |
| CVE-2019-20076 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.1 Medium | On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). |
| CVE-2019-20075 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.1 Medium | On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). |
| CVE-2019-20073 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.1 Medium | On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). |
| CVE-2019-20072 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.1 Medium | On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). |
| CVE-2019-20070 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.1 Medium | On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). |
| CVE-2019-20058 | 1 Boltcms | 1 Bolt | 2024-11-21 | 6.1 Medium | Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040. |
| CVE-2019-20042 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.1 Medium | In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. |
| CVE-2019-20008 | 1 Archerysec | 1 Archery | 2024-11-21 | 5.4 Medium | In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. |
| CVE-2019-20003 | 1 Dicube | 1 Easescreen Crystal | 2024-11-21 | 6.1 Medium | Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authentication. |
| CVE-2019-1583 | 1 Paloaltonetworks | 1 Twistlock | 2024-11-21 | N/A | Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. |