Total: 40485 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13080 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 5.4 Medium |
| Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser. | ||||
| CVE-2019-13077 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 6.1 Medium |
| Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users. | ||||
| CVE-2019-13072 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 5.4 Medium |
| Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page. | ||||
| CVE-2019-13070 | 1 Cyberpowersystems | 1 Powerpanel | 2024-11-21 | N/A |
| A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the embedded code will be executed in the browser of the victim. | ||||
| CVE-2019-13068 | 1 Grafana | 1 Grafana | 2024-11-21 | N/A |
| public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). | ||||
| CVE-2019-13066 | 1 Sahipro | 1 Sahi Pro | 2024-11-21 | 6.1 Medium |
| Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS. | ||||
| CVE-2019-12970 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | N/A |
| XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element. | ||||
| CVE-2019-12964 | 1 Livezilla | 1 Livezilla | 2024-11-21 | N/A |
| LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. | ||||
| CVE-2019-12963 | 1 Livezilla | 1 Livezilla | 2024-11-21 | N/A |
| LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. | ||||
| CVE-2019-12962 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 6.1 Medium |
| LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. | ||||
| CVE-2019-12954 | 1 Solarwinds | 2 Network Performance Monitor Orion Platform 2018 Netpath, Network Performance Monitor Orion Platform 2018 Npm | 2024-11-21 | 5.4 Medium |
| SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT. | ||||
| CVE-2019-12950 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A |
| An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload. | ||||
| CVE-2019-12949 | 1 Netgate | 1 Pfsense | 2024-11-21 | N/A |
| In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. Then, the remote attacker can run any command with root privileges on that server. | ||||
| CVE-2019-12935 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A |
| Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI. | ||||
| CVE-2019-12934 | 1 Wp-code-highlightjs Project | 1 Wp-code-highlightjs | 2024-11-21 | N/A |
| An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter. | ||||
| CVE-2019-12932 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A |
| A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. | ||||
| CVE-2019-12930 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() in core/navigation/MENU.php in WIKINDX prior to version 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the method parameter. | ||||
| CVE-2019-12927 | 1 Mailenable | 1 Mailenable | 2024-11-21 | N/A |
| MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the session cookie by exploiting this vulnerability. | ||||
| CVE-2019-12917 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 6.1 Medium |
| A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. | ||||
| CVE-2019-12905 | 1 Afian | 1 Filerun | 2024-11-21 | 6.1 Medium |
| FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01. | ||||