Search Results (45316 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1010235 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets. | ||||
| CVE-2019-1010207 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | N/A |
| Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16. | ||||
| CVE-2019-1010199 | 1 Servicestack | 1 Servicestack | 2024-11-21 | N/A |
| ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScript is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and If Browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0. | ||||
| CVE-2019-1010193 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | N/A |
| hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS). | ||||
| CVE-2019-1010147 | 2 Bmc, Yellowfinbi | 2 Remedy Smart Reporting, Yellowfin Bi | 2024-11-21 | N/A |
| Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. The fixed version is: 7.4 and later. | ||||
| CVE-2019-1010124 | 1 Webappick | 1 Woocommerce Product Feed | 2024-11-21 | 5.4 Medium |
| WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in. | ||||
| CVE-2019-1010113 | 1 Premiumsoftware | 1 Cleditor | 2024-11-21 | N/A |
| Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element. | ||||
| CVE-2019-1010091 | 1 Tiny | 1 Tinymce | 2024-11-21 | 6.1 Medium |
| tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab. | ||||
| CVE-2019-1010028 | 1 School College Portal With Erp Script Project | 1 School College Portal With Erp Script | 2024-11-21 | N/A |
| phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is: <img src=x onerror=alert(document.domain) />. | ||||
| CVE-2019-1010018 | 1 Zammad | 1 Zammad | 2024-11-21 | N/A |
| Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3. | ||||
| CVE-2019-1010016 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | N/A |
| Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker. | ||||
| CVE-2019-1010008 | 1 Openenergymonitor | 1 Emoncms | 2024-11-21 | N/A |
| OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible. | ||||
| CVE-2019-1010005 | 1 Hexoeditor Project | 1 Hexoeditor | 2024-11-21 | N/A |
| HexoEditor v1.1.8-beta is affected by: XSS to code execution. | ||||
| CVE-2019-1010003 | 1 Leanote | 1 Leanote | 2024-11-21 | N/A |
| Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). | ||||
| CVE-2019-1003050 | 3 Jenkins, Oracle, Redhat | 4 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift and 1 more | 2024-11-21 | 5.4 Medium |
| The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | ||||
| CVE-2019-1003042 | 2 Jenkins, Redhat | 2 Lockable Resources, Openshift | 2024-11-21 | N/A |
| A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. | ||||
| CVE-2019-1003023 | 1 Jenkins | 1 Warnings Next Generation | 2024-11-21 | N/A |
| A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML. | ||||
| CVE-2019-1003014 | 2 Jenkins, Redhat | 3 Config File Provider, Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file. | ||||
| CVE-2019-1003013 | 2 Jenkins, Redhat | 3 Blue Ocean, Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| A cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user. | ||||
| CVE-2019-1000024 | 1 Opt-net | 1 Ng-netms | 2024-11-21 | N/A |
| OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result in Cross-site scripting. This attack appears to be exploitable via network connectivity. | ||||