ReportizFlow
Filtered by vendor
Subscriptions
Total
43001 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8410 | 1 Maccms | 1 Maccms | 2024-11-21 | N/A |
| Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | ||||
| CVE-2019-8400 | 1 Ory | 1 Hydra | 2024-11-21 | N/A |
| ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. | ||||
| CVE-2019-8391 | 1 Qdpm | 1 Qdpm | 2024-11-21 | N/A |
| qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter. | ||||
| CVE-2019-8390 | 1 Qdpm | 1 Qdpm | 2024-11-21 | N/A |
| qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter. | ||||
| CVE-2019-8368 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.1 Medium |
| OpenEMR v5.0.1-6 allows XSS. | ||||
| CVE-2019-8363 | 1 Verydows | 1 Verydows | 2024-11-21 | N/A |
| Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | ||||
| CVE-2019-8361 | 1 Responsive Video News Script Project | 1 Responsive Video News Script | 2024-11-21 | N/A |
| PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | ||||
| CVE-2019-8349 | 1 Htmly | 1 Htmly | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature. | ||||
| CVE-2019-8346 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A |
| In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD self-service password reset and MFA token. | ||||
| CVE-2019-8335 | 1 Schoolcms | 1 Schoolcms | 2024-11-21 | N/A |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&id=[XSS]. | ||||
| CVE-2019-8334 | 1 Schoolcms | 1 Schoolcms | 2024-11-21 | N/A |
| An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index&c=Channel&m=Home&viewid=[XSS]. | ||||
| CVE-2019-8331 | 4 F5, Getbootstrap, Redhat and 1 more | 22 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 19 more | 2024-11-21 | 6.1 Medium |
| In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | ||||
| CVE-2019-8290 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 6.1 Medium |
| Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected. | ||||
| CVE-2019-8289 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 5.4 Medium |
| Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php adidas_member_email variable | ||||
| CVE-2019-8288 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 5.4 Medium |
| Vulnerability in Online Store v1.0, Stored XSS in user_view.php where adidas_member_user variable is not sanitized. | ||||
| CVE-2019-8279 | 1 Vanillaforums | 1 Vanilla Forums | 2024-11-21 | N/A |
| Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum. | ||||
| CVE-2019-8278 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | N/A |
| Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. | ||||
| CVE-2019-8233 | 1 Magento | 1 Magento | 2024-11-21 | 6.1 Medium |
| In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments. | ||||
| CVE-2019-8228 | 1 Magento | 1 Magento | 2024-11-21 | 4.8 Medium |
| in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template. | ||||
| CVE-2019-8227 | 1 Magento | 1 Magento | 2024-11-21 | 4.8 Medium |
| In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML. | ||||