Search Results (83407 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-7543 1 Kindsoft 1 Kindeditor 2024-11-21 N/A
In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
CVE-2019-7541 1 Rukovoditel 1 Rukovoditel 2024-11-21 N/A
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
CVE-2019-7537 1 Pytroll 1 Donfig 2024-11-21 N/A
An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.
CVE-2019-7482 1 Sonicwall 2 Sma 100, Sma 100 Firmware 2024-11-21 9.8 Critical
Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.
CVE-2019-7474 1 Sonicwall 2 Sonicos, Sonicosv 2024-11-21 6.5 Medium
A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).
CVE-2019-7438 1 Jio 2 Jiofi 4g M2s, Jiofi 4g M2s Firmware 2024-11-21 N/A
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.
CVE-2019-7437 1 Opensource Classified Ads Script Project 1 Opensource Classified Ads Script 2024-11-21 N/A
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field.
CVE-2019-7435 1 Opensource Classified Ads Script Project 1 Opensource Classified Ads Script 2024-11-21 N/A
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.
CVE-2019-7432 1 Rental Bike Script Project 1 Rental Bike Script 2024-11-21 N/A
PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section.
CVE-2019-7430 1 Image Sharing Script Project 1 Image Sharing Script 2024-11-21 N/A
PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar.
CVE-2019-7427 1 Zohocorp 1 Manageengine Netflow Analyzer 2024-11-21 N/A
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter.
CVE-2019-7426 1 Zohocorp 1 Manageengine Netflow Analyzer 2024-11-21 N/A
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter.
CVE-2019-7425 1 Zohocorp 1 Manageengine Netflow Analyzer 2024-11-21 6.1 Medium
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.
CVE-2019-7424 1 Zohocorp 1 Manageengine Netflow Analyzer 2024-11-21 N/A
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.
CVE-2019-7423 1 Zohocorp 1 Manageengine Netflow Analyzer 2024-11-21 N/A
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
CVE-2019-7422 1 Zohocorp 1 Manageengine Netflow Analyzer 2024-11-21 N/A
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.
CVE-2019-7421 1 Samsung 3 Syncthru Web Service, X7400gx, X7400gx Firmware 2024-11-21 N/A
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.
CVE-2019-7420 1 Samsung 3 Syncthru Web Service, X7400gx, X7400gx Firmware 2024-11-21 N/A
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.
CVE-2019-7419 1 Samsung 3 Syncthru Web Service, X7400gx, X7400gx Firmware 2024-11-21 N/A
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.
CVE-2019-7418 1 Samsung 3 Syncthru Web Service, X7400gx, X7400gx Firmware 2024-11-21 N/A
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.