Search Results (83382 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-6181 1 Lenovo 1 Xclarity Administrator 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
CVE-2019-6180 1 Lenovo 1 Xclarity Administrator 2024-11-21 4.8 Medium
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
CVE-2019-6159 1 Lenovo 30 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs22v and 27 more 2024-11-21 6.1 Medium
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.
CVE-2019-6147 1 Forcepoint 1 Next Generation Firewall Security Management Center 2024-11-21 5.9 Medium
Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database is corrupted, the SMC might produce an incorrect IPsec configuration for the Forcepoint Next Generation Firewall (NGFW), possibly resulting in settings that are weaker than expected. All SMC versions lower than 6.5.12 or 6.7.1 are vulnerable.
CVE-2019-6146 1 Forcepoint 1 Web Security 2024-11-21 6.1 Medium
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE-2019-6142 1 Forcepoint 2 Email Security, Security Manager 2024-11-21 6.1 Medium
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.
CVE-2019-6120 1 Nicehash 1 Miner 2024-11-21 7.5 High
An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses.
CVE-2019-6117 1 Wpape 1 Ape Gallery 2024-11-21 N/A
The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function.
CVE-2019-6112 1 Graphpaperpress 1 Sell Media 2024-11-21 6.1 Medium
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).
CVE-2019-6036 1 F-revocrm 1 F-revocrm 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6034 1 Appleple 1 A-blog Cms 2024-11-21 6.1 Medium
a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.
CVE-2019-6033 1 Appleple 1 A-blog Cms 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6031 1 Dayz 1 Kinza 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader.
CVE-2019-6029 1 Custom Body Class Project 1 Custom Body Class 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6018 1 Netcommons 1 Netcommons 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (NetCommons3.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6016 1 Remise 1 Payment Module 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6014 1 Dlink 2 Dba-1510p, Dba-1510p Firmware 2024-11-21 8.8 High
DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.
CVE-2019-6013 1 Dlink 2 Dba-1510p, Dba-1510p Firmware 2024-11-21 6.6 Medium
DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).
CVE-2019-6011 1 Tms-outsource 1 Wpdatatables Lite 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-6003 1 Ec-cube 1 Amazon Pay 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.