Total
44025 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16024 | 1 Cisco | 2 Crosswork Change Automation, Crosswork Network Automation | 2024-11-21 | 6.1 Medium |
| A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2019-16015 | 1 Cisco | 1 Data Center Analytics Framework | 2024-11-21 | 6.1 Medium |
| A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information on the affected system. | ||||
| CVE-2019-16010 | 1 Cisco | 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more | 2024-11-21 | 4.8 Medium |
| A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | ||||
| CVE-2019-16008 | 1 Cisco | 38 Ip Phone 6821, Ip Phone 6821 Firmware, Ip Phone 6825 and 35 more | 2024-11-21 | 5.4 Medium |
| A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2019-15969 | 1 Cisco | 1 Web Security Appliance | 2024-11-21 | 6.1 Medium |
| A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the context of the interface, which could allow the attacker to gain access to sensitive, browser-based information. | ||||
| CVE-2019-15950 | 1 Redmineup | 1 Crm | 2024-11-21 | 6.1 Medium |
| The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. | ||||
| CVE-2019-15935 | 1 Intesync | 1 Solismed | 2024-11-21 | 6.1 Medium |
| Intesync Solismed 3.3sp has XSS. | ||||
| CVE-2019-15898 | 1 Nagios | 1 Log Server | 2024-11-21 | N/A |
| Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. | ||||
| CVE-2019-15869 | 1 Jobcareer Project | 1 Jobcareer | 2024-11-21 | N/A |
| The JobCareer theme before 2.5.1 for WordPress has stored XSS. | ||||
| CVE-2019-15864 | 1 Holest | 1 Breadcrumbs By Menu | 2024-11-21 | N/A |
| The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. | ||||
| CVE-2019-15848 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. | ||||
| CVE-2019-15842 | 1 Easy Pdf Restaurant Menu Upload Project | 1 Easy Pdf Restaurant Menu Upload | 2024-11-21 | N/A |
| The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. | ||||
| CVE-2019-15838 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | N/A |
| The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. | ||||
| CVE-2019-15837 | 1 Bitwise-it | 1 Webp Express | 2024-11-21 | N/A |
| The webp-express plugin before 0.14.8 for WordPress has stored XSS. | ||||
| CVE-2019-15836 | 1 Bootstrapped | 1 Wp Ultimate Recipe | 2024-11-21 | N/A |
| The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. | ||||
| CVE-2019-15833 | 1 Simple Mail Address Encoder Project | 1 Simple Mail Address Encoder | 2024-11-21 | 6.1 Medium |
| The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. | ||||
| CVE-2019-15830 | 1 Icegram | 1 Icegram Engage | 2024-11-21 | N/A |
| The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. | ||||
| CVE-2019-15829 | 1 Greentreelabs | 1 Gallery Photoblocks | 2024-11-21 | N/A |
| The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. | ||||
| CVE-2019-15827 | 1 Onesignal | 1 Onesignal-free-web-push-notifications | 2024-11-21 | N/A |
| The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | ||||
| CVE-2019-15817 | 1 Realestateconnected | 1 Easy Property Listings | 2024-11-21 | N/A |
| The easy-property-listings plugin before 3.4 for WordPress has XSS. | ||||