Export limit exceeded: 344033 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45339 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17276 | 1 Netapp | 1 Oncommand System Manager | 2024-11-21 | 5.4 Medium |
| OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to 9.4P2 are susceptible to a cross site scripting vulnerability that could allow an authenticated attacker to inject arbitrary scripts into the SNMP Community Names label field. | ||||
| CVE-2019-17239 | 1 Wpfactory | 1 Download Plugins And Themes From Dashboard | 2024-11-21 | 6.1 Medium |
| includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues. | ||||
| CVE-2019-17236 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 6.1 Medium |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | ||||
| CVE-2019-17233 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 6.1 Medium |
| Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | ||||
| CVE-2019-17231 | 1 Mageewp | 1 Onetone | 2024-11-21 | 6.1 Medium |
| includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. | ||||
| CVE-2019-17229 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2024-11-21 | 6.1 Medium |
| includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues. | ||||
| CVE-2019-17226 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.8 Medium |
| CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. | ||||
| CVE-2019-17225 | 1 Intelliants | 1 Subrion | 2024-11-21 | 5.4 Medium |
| Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. | ||||
| CVE-2019-17223 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.1 Medium |
| There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. | ||||
| CVE-2019-17222 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2024-11-21 | 6.1 Medium |
| An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). | ||||
| CVE-2019-17220 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 6.1 Medium |
| Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | ||||
| CVE-2019-17214 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 7.5 High |
| The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI. | ||||
| CVE-2019-17213 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 6.1 Medium |
| The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header. | ||||
| CVE-2019-17207 | 1 Managewp | 1 Broken Link Checker | 2024-11-21 | 5.4 Medium |
| A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action. | ||||
| CVE-2019-17205 | 1 Teampass | 1 Teampass | 2024-11-21 | 6.1 Medium |
| TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | ||||
| CVE-2019-17204 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.4 Medium |
| TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | ||||
| CVE-2019-17203 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.4 Medium |
| TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | ||||
| CVE-2019-17189 | 1 Totemo | 1 Totemodata | 2024-11-21 | 5.4 Medium |
| totemodata 3.0.0_b936 has XSS via a folder name. | ||||
| CVE-2019-17179 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.1 Medium |
| 4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1 | ||||
| CVE-2019-17176 | 1 Genesys | 1 Eservices Chat | 2024-11-21 | 6.1 Medium |
| Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). | ||||