Search Results (83229 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-16957 1 Solarwinds 1 Webhelpdesk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
CVE-2019-16956 1 Solarwinds 1 Web Help Desk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
CVE-2019-16955 1 Solarwinds 1 Webhelpdesk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
CVE-2019-16954 1 Solarwinds 1 Web Help Desk 2024-11-21 5.4 Medium
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
CVE-2019-16950 1 Enghouse 1 Web Chat 2024-11-21 6.1 Medium
An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript.
CVE-2019-16935 4 Canonical, Debian, Python and 1 more 6 Ubuntu Linux, Debian Linux, Python and 3 more 2024-11-21 6.1 Medium
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
CVE-2019-16931 1 Themeisle 1 Visualizer 2024-11-21 6.1 Medium
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.
CVE-2019-16930 1 Z.cash 1 Zcash 2024-11-21 5.3 Medium
Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a full node that owns a shielded address, related to mishandling of exceptions during deserialization of note plaintexts. This affects anyone who has disclosed their zaddr to a third party.
CVE-2019-16927 1 Glyphandcog 1 Xpdf 2024-11-21 5.5 Medium
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.
CVE-2019-16926 1 Flower Project 1 Flower 2024-11-21 6.1 Medium
Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access
CVE-2019-16925 1 Flower Project 1 Flower 2024-11-21 6.1 Medium
Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access
CVE-2019-16923 1 Kkcms Project 1 Kkcms 2024-11-21 6.1 Medium
kkcms 1.3 has jx.php?url= XSS.
CVE-2019-16914 1 Netgate 1 Pfsense 2024-11-21 6.1 Medium
An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.
CVE-2019-16904 1 Teampass 1 Teampass 2024-11-21 5.4 Medium
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
CVE-2019-16901 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 7.5 High
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.
CVE-2019-16890 1 Halo 1 Halo 2024-11-21 5.4 Medium
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.
CVE-2019-16889 1 Ui 24 Ep-r6, Ep-r6 Firmware, Ep-r8 and 21 more 2024-11-21 7.5 High
Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs.
CVE-2019-16878 1 Portainer 1 Portainer 2024-11-21 5.4 Medium
Portainer before 1.22.1 has XSS (issue 2 of 2).
CVE-2019-16873 1 Portainer 1 Portainer 2024-11-21 5.4 Medium
Portainer before 1.22.1 has XSS (issue 1 of 2).
CVE-2019-16866 2 Canonical, Nlnetlabs 2 Ubuntu Linux, Unbound 2024-11-21 7.5 High
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.