Export limit exceeded: 45397 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45397 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7212 | 1 Smartertools | 1 Smartermail | 2024-11-21 | N/A |
| SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists. | ||||
| CVE-2019-7211 | 1 Smartertools | 1 Smartermail | 2024-11-21 | N/A |
| SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment. | ||||
| CVE-2019-7197 | 1 Qnap | 1 Qts | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version. | ||||
| CVE-2019-7185 | 1 Qnap | 2 Music Station, Qts | 2024-11-21 | 4.8 Medium |
| This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions. | ||||
| CVE-2019-7184 | 1 Qnap | 2 Qts, Video Station | 2024-11-21 | 4.8 Medium |
| This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. | ||||
| CVE-2019-7173 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. | ||||
| CVE-2019-7172 | 1 Atutor | 1 Atutor | 2024-11-21 | N/A |
| A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | ||||
| CVE-2019-7171 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | ||||
| CVE-2019-7170 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. | ||||
| CVE-2019-7169 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. | ||||
| CVE-2019-7168 | 1 Croogo | 1 Croogo | 2024-11-21 | N/A |
| A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. | ||||
| CVE-2019-7129 | 1 Adobe | 1 Experience Manager Forms | 2024-11-21 | N/A |
| Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2019-7092 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A |
| ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure . | ||||
| CVE-2019-7004 | 1 Avaya | 1 Ip Office Application Server | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. | ||||
| CVE-2019-7000 | 1 Avaya | 1 Aura Conferencing | 2024-11-21 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. | ||||
| CVE-2019-6992 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. | ||||
| CVE-2019-6990 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A |
| A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI. | ||||
| CVE-2019-6979 | 1 Ip History Logs Project | 1 Ip History Logs | 2024-11-21 | N/A |
| An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field. | ||||
| CVE-2019-6969 | 1 Dlink | 2 Dva-5592, Dva-5592 Firmware | 2024-11-21 | 7.5 High |
| The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use). | ||||
| CVE-2019-6968 | 1 Dlink | 2 Dva-5592, Dva-5592 Firmware | 2024-11-21 | 6.1 Medium |
| The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. | ||||