Search Results (83232 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-17608 1 Hongcms Project 1 Hongcms 2024-11-21 6.1 Medium
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVE-2019-17607 1 Hongcms Project 1 Hongcms 2024-11-21 6.1 Medium
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVE-2019-17606 1 Hexo-admin Project 1 Hexo-admin 2024-11-21 6.1 Medium
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post.
CVE-2019-17603 1 Asus 1 Aura Sync 2024-11-21 7.8 High
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
CVE-2019-17601 1 Minishare Project 1 Minishare 2024-11-21 9.8 Critical
In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued.
CVE-2019-17599 1 Expresstech 1 Quiz And Survey Master 2024-11-21 6.1 Medium
The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter (and/or the quiz_id parameter). The component is: admin/quiz-options-page.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
CVE-2019-17583 1 Idreamsoft 1 Icms 2024-11-21 7.5 High
idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.
CVE-2019-17581 1 Dormsystem Project 1 Dormsystem 2024-11-21 6.1 Medium
tonyy dormsystem through 1.3 allows DOM XSS.
CVE-2019-17579 1 Sonarsource 1 Sonarqube 2024-11-21 6.1 Medium
SonarSource SonarQube before 7.8 has XSS in project links on account/projects.
CVE-2019-17578 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field.
CVE-2019-17577 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field.
CVE-2019-17576 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field.
CVE-2019-17575 1 Wbce 1 Wbce Cms 2024-11-21 7.2 High
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph and change the file's extension to p. Because of concatenation, the name is then treated as filename.php.) At the result, remote attackers can execute arbitrary PHP code.
CVE-2019-17573 3 Apache, Oracle, Redhat 14 Cxf, Commerce Guided Search, Communications Element Manager and 11 more 2024-11-21 6.1 Medium
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.
CVE-2019-17557 1 Apache 1 Syncope 2024-11-21 5.4 Medium
It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.
CVE-2019-17551 1 Apakgroup 1 Wholesale Floorplanning Finance 2024-11-21 6.1 Medium
In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG editor in the Notes section are likely affected.
CVE-2019-17550 1 Adenion 1 Blog2social 2024-11-21 6.1 Medium
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
CVE-2019-17543 1 Lz4 Project 1 Lz4 2024-11-21 8.1 High
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."
CVE-2019-17542 3 Canonical, Debian, Ffmpeg 3 Ubuntu Linux, Debian Linux, Ffmpeg 2024-11-21 9.8 Critical
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
CVE-2019-17540 3 Debian, Imagemagick, Redhat 3 Debian Linux, Imagemagick, Enterprise Linux 2024-11-21 8.8 High
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.