Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16282 | 1 Nchsoftware | 1 Express Invoice | 2019-10-16 | 3.5 LOW | 5.4 MEDIUM |
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript. | |||||
CVE-2019-17629 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-16 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen. | |||||
CVE-2019-17630 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-10-16 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen. | |||||
CVE-2019-17176 | 1 Genesys | 1 Eservices Chat | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). | |||||
CVE-2019-14227 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite 7.10.1 and 7.10.2 allows XSS. | |||||
CVE-2019-17535 | 1 Gilacms | 1 Gila Cms | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. | |||||
CVE-2015-1981 | 1 Ibm | 1 Domino | 2019-10-16 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5. | |||||
CVE-2019-17504 | 1 Kirona | 1 Dynamic Resource Scheduling | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter. | |||||
CVE-2010-5339 | 1 Icewarp | 1 Webclient | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. | |||||
CVE-2010-5337 | 1 Icewarp | 1 Webclient | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | |||||
CVE-2010-5338 | 1 Icewarp | 1 Webclient | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | |||||
CVE-2010-5340 | 1 Icewarp | 1 Webclient | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. | |||||
CVE-2010-5336 | 1 Icewarp | 1 Webclient | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | |||||
CVE-2015-9472 | 1 Monitorbacklinks | 1 Incoming Links | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. | |||||
CVE-2019-17496 | 1 Craftcms | 1 Craft Cms | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion. | |||||
CVE-2019-17494 | 1 Laravel-bjyblog Project | 1 Laravel-bjyblog | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
laravel-bjyblog 6.1.1 has XSS via a crafted URL. | |||||
CVE-2015-9478 | 1 No-margin-for-error | 1 Prettyphoto | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. | |||||
CVE-2019-17108 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | |||||
CVE-2019-17488 | 1 B3log | 1 Symphony | 2019-10-15 | 4.3 MEDIUM | 6.1 MEDIUM |
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | |||||
CVE-2019-1375 | 1 Microsoft | 1 Dynamics 365 | 2019-10-15 | 3.5 LOW | 5.4 MEDIUM |
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | |||||