Total
44009 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13564 | 1 Pingidentity | 1 Agentless Integration Kit | 2024-11-21 | 6.1 Medium |
| XSS exists in Ping Identity Agentless Integration Kit before 1.5. | ||||
| CVE-2019-13562 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2024-11-21 | N/A |
| D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. | ||||
| CVE-2019-13538 | 1 Codesys | 1 Codesys | 2024-11-21 | 8.6 High |
| 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. | ||||
| CVE-2019-13506 | 1 Nuxtjs | 2 \@nuxt\/devalue, Nuxt.js | 2024-11-21 | N/A |
| @nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandles object keys, leading to XSS. | ||||
| CVE-2019-13505 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | 6.1 Medium |
| The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. | ||||
| CVE-2019-13495 | 1 Zyxel | 2 Xgs2210-52hp, Xgs2210-52hp Firmware | 2024-11-21 | 5.4 Medium |
| In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field. | ||||
| CVE-2019-13493 | 1 Sitecore | 1 Experience Platform | 2024-11-21 | N/A |
| In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript. | ||||
| CVE-2019-13488 | 1 Trape Project | 1 Trape | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used. | ||||
| CVE-2019-13478 | 1 Yoast | 1 Yoast Seo | 2024-11-21 | 9.8 Critical |
| The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. | ||||
| CVE-2019-13476 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. | ||||
| CVE-2019-13472 | 1 Phpwind | 1 Phpwind | 2024-11-21 | N/A |
| PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file. | ||||
| CVE-2019-13463 | 1 Quantumcloud | 1 Simple Link Directory | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Link Directory plugin before 7.3.5 for WordPress allows remote attackers to inject arbitrary web script or HTML, because esc_html is not called for the "echo get_the_title()" or "echo $term->name" statement. | ||||
| CVE-2019-13448 | 1 Sertek | 1 Xpare | 2024-11-21 | N/A |
| An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients. | ||||
| CVE-2019-13422 | 1 Search-guard | 1 Search Guard | 2024-11-21 | N/A |
| Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. | ||||
| CVE-2019-13414 | 1 Boiteasite | 1 Rencontre | 2024-11-21 | 6.1 Medium |
| The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. | ||||
| CVE-2019-13407 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-11-21 | N/A |
| A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. | ||||
| CVE-2019-13397 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | N/A |
| Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket. | ||||
| CVE-2019-13392 | 1 Mindpalette | 1 Natemail | 2024-11-21 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid. | ||||
| CVE-2019-13389 | 1 Rainloop | 1 Webmail | 2024-11-21 | 6.1 Medium |
| RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. | ||||
| CVE-2019-13387 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.1 Medium |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website. | ||||