Search Results (344010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2019-20523 | 1 Ilch | 1 Ilch Cms | 2024-11-21 | 6.1 Medium | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name parameter. |
| CVE-2019-20522 | 1 Ilch | 1 Ilch Cms | 2024-11-21 | 6.1 Medium | ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter. |
| CVE-2019-20521 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI. |
| CVE-2019-20520 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI. |
| CVE-2019-20519 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address. |
| CVE-2019-20518 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI. |
| CVE-2019-20517 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI. |
| CVE-2019-20516 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI. |
| CVE-2019-20515 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI. |
| CVE-2019-20514 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium | ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI. |
| CVE-2019-20513 | 1 Edx | 1 Open Edx | 2024-11-21 | 6.1 Medium | Open edX Ironwood.1 allows support/certificates?user= reflected XSS. |
| CVE-2019-20512 | 1 Open.edx | 1 Ironwood | 2024-11-21 | 6.1 Medium | Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS. |
| CVE-2019-20511 | 1 Frappe | 1 Erpnext | 2024-11-21 | 6.1 Medium | ERPNext 11.1.47 allows blog?blog_category= Frame Injection. |
| CVE-2019-20504 | 1 Quest | 1 Kace Systems Management | 2024-11-21 | 9.8 Critical | service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. |
| CVE-2019-20503 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux and 3 more | 2024-11-21 | 6.5 Medium | usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. |
| CVE-2019-20502 | 1 Echatserver | 1 Easy Chat Server | 2024-11-21 | 7.5 High | An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter. |
| CVE-2019-20501 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2024-11-21 | 7.8 High | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. |
| CVE-2019-20499 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2024-11-21 | 7.8 High | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter. |
| CVE-2019-20498 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.8 Critical | cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534). |
| CVE-2019-20497 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.4 Medium | cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533). |