Search Results (83230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-17524 1 Technicolor 2 Tc7300.b0, Tc7300.b0 Firmware 2024-11-21 5.4 Medium
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this.
CVE-2019-17523 1 Technicolor 2 Tc7300.b0, Tc7300.b0 Firmware 2024-11-21 5.4 Medium
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp.
CVE-2019-17522 1 Hotarucms 1 Hotarucms 2024-11-21 4.8 Medium
A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1.
CVE-2019-17515 1 Cleantalk 1 Spam Protection\, Antispam\, Firewall 2024-11-21 6.1 Medium
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
CVE-2019-17513 1 Ratpack Project 1 Ratpack 2024-11-21 7.5 High
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.
CVE-2019-17510 1 Dlink 2 Dir-846, Dir-846 Firmware 2024-11-21 9.8 Critical
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.
CVE-2019-17509 1 Dlink 2 Dir-846, Dir-846 Firmware 2024-11-21 9.8 Critical
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.
CVE-2019-17508 1 Dlink 4 Dir-850l A, Dir-850l A Firmware, Dir-859 A3 and 1 more 2024-11-21 9.8 Critical
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
CVE-2019-17504 1 Kirona 1 Dynamic Resource Scheduling 2024-11-21 6.1 Medium
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.
CVE-2019-17501 1 Centreon 1 Centreon 2024-11-21 8.8 High
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same.
CVE-2019-17499 1 Compal 2 Ch7465lg, Ch7465lg Firmware 2024-11-21 8.8 High
The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.
CVE-2019-17496 1 Craftcms 1 Craft Cms 2024-11-21 6.1 Medium
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVE-2019-17494 1 Laravel-bjyblog Project 1 Laravel-bjyblog 2024-11-21 6.1 Medium
laravel-bjyblog 6.1.1 has XSS via a crafted URL.
CVE-2019-17493 1 Jnoj 1 Jiangnan Online Judge 2024-11-21 6.1 Medium
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.
CVE-2019-17491 1 Jnoj 1 Jiangnan Online Judge 2024-11-21 6.1 Medium
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.
CVE-2019-17489 1 Jnoj 1 Jiangnan Online Judge 2024-11-21 6.1 Medium
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.
CVE-2019-17488 1 B3log 1 Symphony 2024-11-21 6.1 Medium
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
CVE-2019-17434 1 Lavalite 1 Lavalite 2024-11-21 5.4 Medium
LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.
CVE-2019-17433 1 Laravel-admin 1 Laravel-admin 2024-11-21 4.8 Medium
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
CVE-2019-17432 1 Fastadmin 1 Fastadmin 2024-11-21 6.5 Medium
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.