Search Results (44597 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19390 | 1 Matrix42 | 1 Workspace Management | 2024-11-21 | 5.4 Medium |
| The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues. | ||||
| CVE-2019-19388 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. | ||||
| CVE-2019-19387 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. | ||||
| CVE-2019-19386 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. | ||||
| CVE-2019-19385 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. | ||||
| CVE-2019-19384 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. | ||||
| CVE-2019-19381 | 1 Abacus | 1 Abacus | 2024-11-21 | 6.1 Medium |
| oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message. | ||||
| CVE-2019-19371 | 1 Mitel | 1 Micollab Audio, Web & Video Conferencing | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2019-19370 | 1 Mitel | 1 Micollab | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2019-19368 | 1 Maxum | 1 Rumpus | 2024-11-21 | 6.1 Medium |
| A Reflected Cross Site Scripting vulnerability was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary JavaScript. | ||||
| CVE-2019-19367 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2019-19366 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. | ||||
| CVE-2019-19336 | 2 Ovirt, Redhat | 3 Ovirt-engine, Rhev Manager, Virtualization | 2024-11-21 | 6.1 Medium |
| A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session. | ||||
| CVE-2019-19329 | 1 Wikimedia | 1 Wikidata Query Gui | 2024-11-21 | 6.1 Medium |
| In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT. | ||||
| CVE-2019-19328 | 1 Wikimedia | 1 Wikidata Query Gui | 2024-11-21 | 6.1 Medium |
| ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT. | ||||
| CVE-2019-19327 | 1 Wikimedia | 1 Wikidata Query Gui | 2024-11-21 | 6.1 Medium |
| ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT. | ||||
| CVE-2019-19325 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 6.1 Medium |
| SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. | ||||
| CVE-2019-19311 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields. | ||||
| CVE-2019-19306 | 1 Zoho | 1 Lead Magnet | 2024-11-21 | 5.4 Medium |
| The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName. | ||||
| CVE-2019-19294 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 6.3 Medium |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content. | ||||