Search Results (44455 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15713 | 1 My Calendar Project | 1 My Calendar | 2024-11-21 | N/A |
| The my-calendar plugin before 3.1.10 for WordPress has XSS. | ||||
| CVE-2019-15700 | 1 Frappe | 1 Frappe | 2024-11-21 | N/A |
| public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. | ||||
| CVE-2019-15652 | 1 Nssglobal | 4 Satlink 2000, Satlink 2900, Satlink 2910 and 1 more | 2024-11-21 | 6.1 Medium |
| The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code. | ||||
| CVE-2019-15644 | 1 Zoho | 1 Salesiq | 2024-11-21 | N/A |
| The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. | ||||
| CVE-2019-15643 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | N/A |
| The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | ||||
| CVE-2019-15619 | 1 Nextcloud | 3 Deck, Nextcloud Server, Talk | 2024-11-21 | 4.8 Medium |
| Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project. | ||||
| CVE-2019-15618 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.8 Medium |
| Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location. | ||||
| CVE-2019-15614 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 5.4 Medium |
| Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. | ||||
| CVE-2019-15607 | 1 Nodered | 1 Node-red | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc. | ||||
| CVE-2019-15603 | 1 Seeftl Project | 1 Seeftl | 2024-11-21 | 6.1 Medium |
| The seeftl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing. | ||||
| CVE-2019-15602 | 1 Itwork | 1 Fileview | 2024-11-21 | 6.1 Medium |
| The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves. | ||||
| CVE-2019-15587 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.4 Medium |
| In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | ||||
| CVE-2019-15586 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.1 Medium |
| An XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. | ||||
| CVE-2019-15539 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 6.1 Medium |
| The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed when editing the document's page. | ||||
| CVE-2019-15532 | 1 Gchq | 1 Cyberchef | 2024-11-21 | N/A |
| CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | ||||
| CVE-2019-15510 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.1 Medium |
| ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. | ||||
| CVE-2019-15501 | 1 Lsoft | 1 Listserv | 2024-11-21 | N/A |
| Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | ||||
| CVE-2019-15499 | 2 Apple, Hackmd | 2 Safari, Codimd | 2024-11-21 | 6.1 Medium |
| CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. | ||||
| CVE-2019-15497 | 2 Blackbox, Onelan | 4 Icompel, Icompel Firmware, Net-top-box and 1 more | 2024-11-21 | N/A |
| Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP. | ||||
| CVE-2019-15492 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | N/A |
| openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. | ||||