ReportizFlow
Filtered by vendor
Subscriptions
Total
43001 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9592 | 1 Mitel | 1 Connect Onsite | 2024-11-21 | 6.1 Medium |
| A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2019-9591 | 1 Mitel | 1 Connect Onsite | 2024-11-21 | 6.1 Medium |
| A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter. | ||||
| CVE-2019-9580 | 1 Stackstorm | 1 Stackstorm | 2024-11-21 | N/A |
| In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS. | ||||
| CVE-2019-9576 | 1 Adenion | 1 Blog2social | 2024-11-21 | N/A |
| The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS. | ||||
| CVE-2019-9575 | 1 Quizandsurveymaster | 1 Quiz And Survey Master | 2024-11-21 | N/A |
| The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS. | ||||
| CVE-2019-9570 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter. | ||||
| CVE-2019-9567 | 1 Incsub | 1 Forminator | 2024-11-21 | 6.1 Medium |
| The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | ||||
| CVE-2019-9558 | 1 Mailtraq | 1 Webmail | 2024-11-21 | N/A |
| Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | ||||
| CVE-2019-9557 | 1 Codecrafters | 1 Ability Mail Server | 2024-11-21 | N/A |
| Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe. | ||||
| CVE-2019-9556 | 1 Fiberhomegroup | 2 An5506-04-f, An5506-04-f Firmware | 2024-11-21 | 5.4 Medium |
| FiberHome an5506-04-f RP2669 devices have XSS. | ||||
| CVE-2019-9554 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 6.1 Medium |
| In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI. | ||||
| CVE-2019-9553 | 1 Boltcms | 1 Bolt | 2024-11-21 | 6.1 Medium |
| Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. | ||||
| CVE-2019-9551 | 1 Wdoyo | 1 Doyocms | 2024-11-21 | N/A |
| An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS. | ||||
| CVE-2019-9550 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | N/A |
| DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. | ||||
| CVE-2019-9542 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 6.1 Medium |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | ||||
| CVE-2019-9541 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 6.1 Medium |
| : Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | ||||
| CVE-2019-9540 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 6.1 Medium |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | ||||
| CVE-2019-9539 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 6.1 Medium |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | ||||
| CVE-2019-9538 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 6.1 Medium |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | ||||
| CVE-2019-9537 | 1 Telos | 1 Automated Message Handling System | 2024-11-21 | 6.1 Medium |
| : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5. | ||||