Export limit exceeded: 45336 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45336 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15969 | 1 Cisco | 1 Web Security Appliance | 2024-11-21 | 6.1 Medium |
| A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the context of the interface, which could allow the attacker to gain access to sensitive, browser-based information. | ||||
| CVE-2019-15950 | 1 Redmineup | 1 Crm | 2024-11-21 | 6.1 Medium |
| The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. | ||||
| CVE-2019-15935 | 1 Intesync | 1 Solismed | 2024-11-21 | 6.1 Medium |
| Intesync Solismed 3.3sp has XSS. | ||||
| CVE-2019-15898 | 1 Nagios | 1 Log Server | 2024-11-21 | N/A |
| Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. | ||||
| CVE-2019-15869 | 1 Jobcareer Project | 1 Jobcareer | 2024-11-21 | N/A |
| The JobCareer theme before 2.5.1 for WordPress has stored XSS. | ||||
| CVE-2019-15867 | 1 Omaksolutions | 1 Slick-popup | 2024-11-21 | N/A |
| The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action. | ||||
| CVE-2019-15864 | 1 Holest | 1 Breadcrumbs By Menu | 2024-11-21 | N/A |
| The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. | ||||
| CVE-2019-15848 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A |
| JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. | ||||
| CVE-2019-15842 | 1 Easy Pdf Restaurant Menu Upload Project | 1 Easy Pdf Restaurant Menu Upload | 2024-11-21 | N/A |
| The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. | ||||
| CVE-2019-15838 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | N/A |
| The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. | ||||
| CVE-2019-15837 | 1 Bitwise-it | 1 Webp Express | 2024-11-21 | N/A |
| The webp-express plugin before 0.14.8 for WordPress has stored XSS. | ||||
| CVE-2019-15836 | 1 Bootstrapped | 1 Wp Ultimate Recipe | 2024-11-21 | N/A |
| The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. | ||||
| CVE-2019-15833 | 1 Simple Mail Address Encoder Project | 1 Simple Mail Address Encoder | 2024-11-21 | 6.1 Medium |
| The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. | ||||
| CVE-2019-15830 | 1 Icegram | 1 Icegram Engage | 2024-11-21 | N/A |
| The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. | ||||
| CVE-2019-15829 | 1 Greentreelabs | 1 Gallery Photoblocks | 2024-11-21 | N/A |
| The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. | ||||
| CVE-2019-15827 | 1 Onesignal | 1 Onesignal-free-web-push-notifications | 2024-11-21 | N/A |
| The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | ||||
| CVE-2019-15817 | 1 Realestateconnected | 1 Easy Property Listings | 2024-11-21 | N/A |
| The easy-property-listings plugin before 3.4 for WordPress has XSS. | ||||
| CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2024-11-21 | N/A |
| The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | ||||
| CVE-2019-15814 | 1 Sentrifugo | 1 Sentrifugo | 2024-11-21 | N/A |
| Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. | ||||
| CVE-2019-15811 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. | ||||