Search Results (83447 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-8438 1 Dilicms 1 Dilicms 2024-11-21 N/A
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name.
CVE-2019-8436 1 Txjia 1 Imcat 2024-11-21 N/A
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.
CVE-2019-8435 1 Phpmywind 1 Phpmywind 2024-11-21 N/A
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header.
CVE-2019-8434 1 Cmseasy 1 Cmseasy 2024-11-21 N/A
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter.
CVE-2019-8432 1 Cmseasy 1 Cmseasy 2024-11-21 N/A
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter.
CVE-2019-8427 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
CVE-2019-8426 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
CVE-2019-8425 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
CVE-2019-8419 1 Vnote Project 1 Vnote 2024-11-21 N/A
VNote 2.2 has XSS via a new text note.
CVE-2019-8410 1 Maccms 1 Maccms 2024-11-21 N/A
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
CVE-2019-8400 1 Ory 1 Hydra 2024-11-21 N/A
ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.
CVE-2019-8395 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-11-21 N/A
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
CVE-2019-8391 1 Qdpm 1 Qdpm 2024-11-21 N/A
qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter.
CVE-2019-8390 1 Qdpm 1 Qdpm 2024-11-21 N/A
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
CVE-2019-8368 1 Open-emr 1 Openemr 2024-11-21 6.1 Medium
OpenEMR v5.0.1-6 allows XSS.
CVE-2019-8363 1 Verydows 1 Verydows 2024-11-21 N/A
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.
CVE-2019-8361 1 Responsive Video News Script Project 1 Responsive Video News Script 2024-11-21 N/A
PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.
CVE-2019-8359 2 Contiki-ng, Contiki-os 2 Contiki-ng, Contiki 2024-11-21 9.8 Critical
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.
CVE-2019-8356 1 Sound Exchange Project 1 Sound Exchange 2024-11-21 N/A
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
CVE-2019-8355 1 Sound Exchange Project 1 Sound Exchange 2024-11-21 N/A
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.