Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-0858 | 1 Microsoft | 1 Exchange Server | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817. | |||||
CVE-2019-19328 | 1 Wikimedia | 1 Wikidata Query Gui | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT. | |||||
CVE-2019-11845 | 1 Ricoh | 2 Sp 4510dn, Sp 4510dn Firmware | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | |||||
CVE-2019-11844 | 1 Ricoh | 2 Sp 4520dn, Sp 4520dn Firmware | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. | |||||
CVE-2018-8979 | 1 Open-audit | 1 Open-audit | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. | |||||
CVE-2019-0798 | 1 Microsoft | 2 Lync Server, Skype For Business Server | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'. | |||||
CVE-2019-15331 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection. | |||||
CVE-2019-16068 | 1 Netsas | 1 Enigma Network Management Solution | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site. | |||||
CVE-2019-1583 | 1 Paloaltonetworks | 1 Twistlock | 2020-08-24 | 6.0 MEDIUM | 8.0 HIGH |
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. | |||||
CVE-2019-0668 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | |||||
CVE-2019-7435 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. | |||||
CVE-2019-7430 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. | |||||
CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | |||||
CVE-2019-19212 | 1 Dolibarr | 1 Dolibarr | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). | |||||
CVE-2019-0319 | 1 Sap | 2 Gateway, Ui5 | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. | |||||
CVE-2019-0624 | 1 Microsoft | 1 Skype For Business | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype. | |||||
CVE-2019-18857 | 1 Svg-sanitizer Project | 1 Svg-sanitizer | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. | |||||
CVE-2019-7402 | 1 Phpmywind | 1 Phpmywind | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF. | |||||
CVE-2019-7432 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. | |||||
CVE-2019-15724 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. |