Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16332 | 1 Api Bearer Auth Project | 1 Api Bearer Auth | 2019-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. | |||||
CVE-2019-17203 | 1 Teampass | 1 Teampass | 2019-10-08 | 3.5 LOW | 5.4 MEDIUM |
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | |||||
CVE-2019-17204 | 1 Teampass | 1 Teampass | 2019-10-08 | 3.5 LOW | 5.4 MEDIUM |
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | |||||
CVE-2019-17205 | 1 Teampass | 1 Teampass | 2019-10-08 | 4.3 MEDIUM | 6.1 MEDIUM |
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | |||||
CVE-2018-7274 | 1 Quarx Cms Project | 1 Quarx Cms | 2019-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). | |||||
CVE-2019-17074 | 1 Xunruicms | 1 Xunruicms | 2019-10-07 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in the module_category area. | |||||
CVE-2019-8290 | 1 Online Store System Project | 1 Online Store System | 2019-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Vulnerability in Online Store v1.0: the registration form requirements for the member email format can be bypassed by posting directly to sent_register.php, allowing special characters to be included and an XSS payload to be injected. | |||||
CVE-2019-11744 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2019-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Some HTML elements, such as `<title>` and `<textarea>`, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to `.innerHTML` on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. | |||||
CVE-2019-8289 | 1 Online Store System Project | 1 Online Store System | 2019-10-04 | 3.5 LOW | 5.4 MEDIUM |
Vulnerability in Online Store v1.0: stored XSS in the adidas_member_email variable of admin/user_view.php. | |||||
CVE-2019-8288 | 1 Online Store System Project | 1 Online Store System | 2019-10-04 | 3.5 LOW | 5.4 MEDIUM |
Vulnerability in Online Store v1.0: stored XSS in user_view.php, where the adidas_member_user variable is not sanitized. | |||||
CVE-2018-11012 | 1 Halo | 1 Halo | 2019-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. | |||||
CVE-2018-11011 | 1 Halo | 1 Halo | 2019-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | |||||
CVE-2019-16684 | 1 Xoops | 1 Xoops | 2019-10-04 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes. | |||||
CVE-2019-16683 | 1 Xoops | 1 Xoops | 2019-10-04 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes. | |||||
CVE-2019-16414 | 1 Gfi | 1 Kerio Control | 2019-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI. | |||||
CVE-2019-16171 | 1 Jetbrains | 1 Youtrack | 2019-10-03 | 4.3 MEDIUM | 6.1 MEDIUM |
In JetBrains YouTrack through 2019.2.56594, stored XSS was found on the issue page. | |||||
CVE-2019-17045 | 1 Ilch | 1 Ilch Cms | 2019-10-03 | 3.5 LOW | 4.8 MEDIUM |
Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab. | |||||
CVE-2019-15037 | 1 Jetbrains | 1 Teamcity | 2019-10-03 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1. | |||||
CVE-2018-16204 | 1 Google Xml Sitemaps Project | 1 Google Xml Sitemaps | 2019-10-03 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-8247 | 1 Microsoft | 2 Office Online Server, Office Web Apps | 2019-10-02 | 5.8 MEDIUM | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245. |