Export limit exceeded: 45342 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45342 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1375 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 5.4 Medium |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | ||||
| CVE-2019-1332 | 1 Microsoft | 3 Power Bi Report Server, Sql Server 2017 Reporting Services, Sql Server 2019 Reporting Services | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. | ||||
| CVE-2019-1329 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2024-11-21 | 5.4 Medium |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330. | ||||
| CVE-2019-1328 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2024-11-21 | 5.4 Medium |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | ||||
| CVE-2019-1305 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2024-11-21 | 5.4 Medium |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | ||||
| CVE-2019-1273 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 5.4 Medium |
| A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. | ||||
| CVE-2019-1266 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 6.1 Medium |
| A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. | ||||
| CVE-2019-1262 | 1 Microsoft | 1 Sharepoint Foundation | 2024-11-21 | 5.4 Medium |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | ||||
| CVE-2019-1137 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 5.4 Medium |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. | ||||
| CVE-2019-1076 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2024-11-21 | N/A |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | ||||
| CVE-2019-1070 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2024-11-21 | 5.4 Medium |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | ||||
| CVE-2019-19991 | 1 Seling | 1 Visual Access Manager | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php. | ||||
| CVE-2019-19990 | 1 Seling | 1 Visual Access Manager | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php. | ||||
| CVE-2019-19979 | 1 Wp Maintenance Project | 1 Wp Maintenance | 2024-11-21 | 8.8 High |
| A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS. | ||||
| CVE-2019-19968 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.4 Medium |
| PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | ||||
| CVE-2019-19941 | 1 Swisscom | 2 Centro Grande, Centro Grande Firmware | 2024-11-21 | 5.4 Medium |
| Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS. | ||||
| CVE-2019-19935 | 1 Froala | 1 Froala Editor | 2024-11-21 | 6.1 Medium |
| Froala Editor before 3.2.3 allows XSS. | ||||
| CVE-2019-19916 | 2 Microsoft, Midori-browser | 2 Windows 10, Midori | 2024-11-21 | 6.1 Medium |
| In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting (XSS) and other attacks when the product renders the content as HTML. Remediating this would also need to consider the polyglot case, e.g., a file that is a valid GIF image and also valid JavaScript. | ||||
| CVE-2019-19913 | 1 Intland | 1 Codebeamer | 2024-11-21 | 4.8 Medium |
| In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter. | ||||
| CVE-2019-19912 | 1 Intland | 1 Codebeamer | 2024-11-21 | 4.8 Medium |
| In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file. | ||||