Export limit exceeded: 46630 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46630 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13352 | 1 Wolfvision | 1 Cynap | 2024-11-21 | N/A |
| WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote access. | ||||
| CVE-2019-13346 | 1 Myt Project | 1 Myt | 2024-11-21 | N/A |
| In MyT 1.5.1, the User[username] parameter has XSS. | ||||
| CVE-2019-13345 | 3 Debian, Redhat, Squid-cache | 3 Debian Linux, Enterprise Linux, Squid | 2024-11-21 | N/A |
| The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. | ||||
| CVE-2019-13341 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment box), which can be used to get a user's cookie. | ||||
| CVE-2019-13340 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186. | ||||
| CVE-2019-13339 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (content box), which can be used to get a user's cookie. | ||||
| CVE-2019-13274 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-11-21 | N/A |
| In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. | ||||
| CVE-2019-13239 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A |
| inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. | ||||
| CVE-2019-13236 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A |
| In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface. | ||||
| CVE-2019-13235 | 1 Alkacon | 1 Opencms Apollo Template | 2024-11-21 | N/A |
| In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form. | ||||
| CVE-2019-13234 | 1 Alkacon | 1 Opencms Apollo Template | 2024-11-21 | N/A |
| In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine. | ||||
| CVE-2019-13209 | 1 Suse | 1 Rancher | 2024-11-21 | N/A |
| Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim. | ||||
| CVE-2019-13200 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2024-11-21 | 6.1 Medium |
| The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | ||||
| CVE-2019-13198 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2024-11-21 | 6.1 Medium |
| The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | ||||
| CVE-2019-13189 | 1 Eng | 1 Knowage | 2024-11-21 | N/A |
| In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. | ||||
| CVE-2019-13186 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520. | ||||
| CVE-2019-13182 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in the web UI of SolarWinds Serv-U FTP Server 15.1.7. | ||||
| CVE-2019-13167 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2024-11-21 | 6.1 Medium |
| Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | ||||
| CVE-2019-13127 | 2 Draw, Jgraph | 2 Draw.io Diagrams, Mxgraph | 2024-11-21 | N/A |
| An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js. | ||||
| CVE-2019-13122 | 1 Ozlabs | 1 Patchwork | 2024-11-21 | N/A |
| A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix. | ||||