Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-16719 | 1 Wtcms Project | 1 Wtcms | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM | WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. |
CVE-2019-1105 | 1 Microsoft | 1 Outlook | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM | A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. |
CVE-2019-12361 | 1 Phome | 1 Empirecms | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM | EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page. |
CVE-2019-11193 | 1 Infinitumit | 1 Directadmin | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH | The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel. |
CVE-2019-0951 | 1 Microsoft | 1 Sharepoint Foundation | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0950. |
CVE-2019-0949 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2020-08-24 | 3.5 LOW | 5.7 MEDIUM | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951. |
CVE-2019-19979 | 1 Wp Maintenance Project | 1 Wp Maintenance | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH | A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS. |
CVE-2019-17432 | 1 Fastadmin | 1 Fastadmin | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter. |
CVE-2019-10049 | 1 Pydio | 1 Pydio | 2020-08-24 | 4.9 MEDIUM | 7.3 HIGH | It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her). |
CVE-2019-0869 | 1 Microsoft | 1 Azure Devops Server | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. |
CVE-2019-5397 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2020-08-24 | 9.7 HIGH | 9.4 CRITICAL | A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. |
CVE-2019-1218 | 1 Microsoft | 1 Outlook | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM | A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages, aka 'Outlook iOS Spoofing Vulnerability'. |
CVE-2019-0950 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2020-08-24 | 3.5 LOW | 5.7 MEDIUM | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951. |
CVE-2019-12095 | 1 Horde | 1 Groupware | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH | Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload. |
CVE-2019-0213 | 1 Apache | 1 Archiva | 2020-08-24 | 5.5 MEDIUM | 6.5 MEDIUM | In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised. |
CVE-2019-5975 | 1 Cybozu | 1 Garoon | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM | DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
CVE-2019-10226 | 1 Fatfreecrm | 1 Fat Free Crm | 2020-08-24 | 4.3 MEDIUM | 5.4 MEDIUM | HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. |
CVE-2019-11215 | 1 Combodo | 1 Itop | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH | In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during upgrade; in certain cases, an error during modification of the file from the web interface leaves the file writable (can be triggered with XSS); a race condition can be triggered by the hub-connector module (community version only from 2.4.1 to 2.6.0); or editing the file in a CLI. |
CVE-2019-0958 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957. |
CVE-2018-9079 | 1 Lenovo | 40 Ez Media & Backup Center, Ez Media & Backup Center Firmware, Ix2 and 37 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device. |