Search Results (83228 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-16665 1 Thinksaas 1 Thinksaas 2024-11-21 6.1 Medium
An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.
CVE-2019-16664 1 Thinksaas 1 Thinksaas 2024-11-21 4.8 Medium
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.
CVE-2019-16663 1 Rconfig 1 Rconfig 2024-11-21 8.8 High
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
CVE-2019-16662 1 Rconfig 1 Rconfig 2024-11-21 9.8 Critical
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
CVE-2019-16661 1 Digimute 1 Ogma Cms 2024-11-21 5.4 Medium
Ogma CMS 0.5 has XSS via creation of a new blog.
CVE-2019-16657 1 Tuzicms 1 Tuzicms 2024-11-21 6.1 Medium
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.
CVE-2019-16643 1 Zrlog 1 Zrlog 2024-11-21 5.4 Medium
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.
CVE-2019-16564 1 Jenkins 1 Pipeline Aggregator View 2024-11-21 5.4 Medium
Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.
CVE-2019-16563 1 Jenkins 1 Mission Control 2024-11-21 5.4 Medium
Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.
CVE-2019-16562 1 Jenkins 1 Buildgraph-view 2024-11-21 5.4 Medium
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.
CVE-2019-16534 1 Draytek 8 Vigor2925 Firmware, Vigor2925ac, Vigor2925fn and 5 more 2024-11-21 6.1 Medium
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.
CVE-2019-16533 1 Draytek 8 Vigor2925 Firmware, Vigor2925ac, Vigor2925fn and 5 more 2024-11-21 6.1 Medium
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
CVE-2019-16532 1 Yzmcms 1 Yzmcms 2024-11-21 6.1 Medium
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.
CVE-2019-16525 1 Checklist 1 Checklist 2024-11-21 6.1 Medium
An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
CVE-2019-16524 1 Status301 1 Easy Fancybox 2024-11-21 4.8 Medium
The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter.
CVE-2019-16523 1 Pixelite 1 Events Manager 2024-11-21 5.4 Medium
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
CVE-2019-16522 1 Eu Cookie Law Project 1 Eu Cookie Law 2024-11-21 4.8 Medium
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.
CVE-2019-16521 1 Managewp 1 Broken Link Checker 2024-11-21 6.1 Medium
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.
CVE-2019-16520 1 Semperplugins 1 All In One Seo Pack 2024-11-21 5.4 Medium
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
CVE-2019-16512 1 Connectwise 1 Control 2024-11-21 4.8 Medium
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.