ReportizFlow
Filtered by vendor
Subscriptions
Total
42869 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11997 | 1 Hp | 1 Enhanced Internet Usage Manager | 2024-11-21 | 6.1 Medium |
| A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support. | ||||
| CVE-2019-11992 | 1 Hp | 1 Oneview For Vmware Vcenter | 2024-11-21 | 6.1 Medium |
| A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting. | ||||
| CVE-2019-11982 | 1 Hp | 39 Integrated Lights-out 4 Firmware, Integrated Lights-out 5 Firmware, Proliant Bl460c Gen10 and 36 more | 2024-11-21 | N/A |
| A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. | ||||
| CVE-2019-11928 | 1 Whatsapp | 1 Whatsapp Desktop | 2024-11-21 | 6.1 Medium |
| An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message. | ||||
| CVE-2019-11877 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2024-11-21 | N/A |
| XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRouter.20180616 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID. | ||||
| CVE-2019-11876 | 2 Drupal, Prestashop | 2 Drupal, Prestashop | 2024-11-21 | N/A |
| In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link. | ||||
| CVE-2019-11871 | 1 Custom Field Suite Project | 1 Custom Field Suite | 2024-11-21 | N/A |
| The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins. | ||||
| CVE-2019-11870 | 1 S9y | 1 Serendipity | 2024-11-21 | N/A |
| Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature. | ||||
| CVE-2019-11869 | 1 Yuzopro | 1 Yuzo | 2024-11-21 | N/A |
| The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting. | ||||
| CVE-2019-11846 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| /servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. | ||||
| CVE-2019-11845 | 1 Ricoh | 2 Sp 4510dn, Sp 4510dn Firmware | 2024-11-21 | N/A |
| An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | ||||
| CVE-2019-11844 | 1 Ricoh | 2 Sp 4520dn, Sp 4520dn Firmware | 2024-11-21 | N/A |
| An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. | ||||
| CVE-2019-11828 | 1 Synology | 1 Office | 2024-11-21 | 5.5 Medium |
| Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-11827 | 1 Synology | 1 Note Station | 2024-11-21 | 6.5 Medium |
| Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. | ||||
| CVE-2019-11825 | 1 Synology | 1 Calendar | 2024-11-21 | 6.5 Medium |
| Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | ||||
| CVE-2019-11818 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A |
| Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded. | ||||
| CVE-2019-11814 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot. | ||||
| CVE-2019-11813 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links. | ||||
| CVE-2019-11812 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link. | ||||
| CVE-2019-11809 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. | ||||