ReportizFlow
Filtered by vendor
Subscriptions
Total
43001 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9509 | 1 Vertiv | 2 Avocent Umg-4000, Avocent Umg-4000 Firmware | 2024-11-21 | 6.3 Medium |
| The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code. | ||||
| CVE-2019-9508 | 1 Vertiv | 2 Avocent Umg-4000, Avocent Umg-4000 Firmware | 2024-11-21 | 6.3 Medium |
| The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page. | ||||
| CVE-2019-9230 | 1 Audiocodes | 8 Mediant 500-mbsr, Mediant 500-mbsr Firmware, Mediant 500l-msbr and 5 more | 2024-11-21 | N/A |
| An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2019-9226 | 1 Baigo | 1 Baigo Cms | 2024-11-21 | N/A |
| An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the opt[base][BG_SITE_NAME] parameter to the bg_console/index.php?m=opt&c=request URI. | ||||
| CVE-2019-9207 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 6.1 Medium |
| PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued. | ||||
| CVE-2019-9206 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 6.1 Medium |
| PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued. | ||||
| CVE-2019-9168 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A |
| WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. | ||||
| CVE-2019-9167 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | ||||
| CVE-2019-9164 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. | ||||
| CVE-2019-9145 | 1 Hsycms | 1 Hsycms | 2024-11-21 | N/A |
| An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /book page. | ||||
| CVE-2019-9142 | 1 B3log | 1 Symphony | 2024-11-21 | N/A |
| An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java. | ||||
| CVE-2019-9108 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. | ||||
| CVE-2019-9094 | 1 Humhub | 1 Humhub | 2024-11-21 | N/A |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS. | ||||
| CVE-2019-9093 | 1 Humhub | 1 Humhub | 2024-11-21 | N/A |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS. | ||||
| CVE-2019-9078 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. | ||||
| CVE-2019-9066 | 1 Php Appointment Booking Script Project | 1 Php Appointment Booking Script | 2024-11-21 | N/A |
| PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | ||||
| CVE-2019-9016 | 1 Mopcms | 1 Mopcms | 2024-11-21 | N/A |
| An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI. | ||||
| CVE-2019-8991 | 1 Tibco | 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more | 2024-11-21 | 8.8 High |
| The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1. | ||||
| CVE-2019-8987 | 1 Tibco | 2 Data Science For Aws, Spotfire Data Science | 2024-11-21 | 5.4 Medium |
| The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | ||||
| CVE-2019-8984 | 1 Altn | 1 Mdaemon | 2024-11-21 | N/A |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). | ||||