Total: 2927 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3708 | 1 Dell | 1 Emc Isilonsd Management Server | 2024-11-21 | 9.3 HIGH | 8.3 HIGH |
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | |||||
CVE-2019-3670 | 1 Mcafee | 1 Web Advisor | 2024-11-21 | 4.3 MEDIUM | 8.0 HIGH |
Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows a remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | |||||
CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | |||||
CVE-2019-25152 | 1 Tychesoftwares | 2 Abandoned Cart Lite For Woocommerce, Abandoned Cart Pro For Woocommerce | 2024-11-21 | N/A | 7.2 HIGH |
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard. | |||||
CVE-2019-25147 | 1 Prettylinks | 1 Pretty Links | 2024-11-21 | N/A | 7.2 HIGH |
The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2019-25146 | 1 Delucks | 1 Delucks Seo | 2024-11-21 | N/A | 7.2 HIGH |
The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the page. | |||||
CVE-2019-25145 | 1 Wpforms | 1 Contact Form | 2024-11-21 | N/A | 7.2 HIGH |
The Contact Form & SMTP Plugin by PirateForms for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary HTML in emails that could be used to phish unsuspecting victims. | |||||
CVE-2019-25140 | 1 Wpshopmart | 1 Coming Soon Page \& Maintenance Mode | 2024-11-21 | N/A | 7.2 HIGH |
The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2019-20798 | 1 Cherokee-project | 1 Cherokee | 2024-11-21 | 6.0 MEDIUM | 8.4 HIGH |
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands. | |||||
CVE-2019-20209 | 1 Cththemes | 3 Citybook, Easybook, Townhub | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. | |||||
CVE-2019-1583 | 1 Paloaltonetworks | 1 Twistlock | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. | |||||
CVE-2019-19979 | 1 Wp Maintenance Project | 1 Wp Maintenance | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS. | |||||
CVE-2019-19821 | 1 Combodo | 1 Itop | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions 2.5.4, 2.6.3 and 2.7.0. | |||||
CVE-2019-19223 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. | |||||
CVE-2019-18857 | 1 Svg-sanitizer Project | 1 Svg-sanitizer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace inside the scheme, such as a tab character between `javascript` and the colon (the substring `javascript<TAB>:alert`), which a browser's URL parser discards before resolving the scheme. | |||||
CVE-2019-17214 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI. | |||||
CVE-2019-16068 | 1 Netsas | 1 Enigma Network Management Solution | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site. | |||||
CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | |||||
CVE-2019-13741 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. | |||||
CVE-2019-13538 | 1 Codesys | 1 Codesys | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. |
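The svg-sanitizer entry above (CVE-2019-18857) describes a scheme check defeated by whitespace inside the scheme: a browser's URL parser strips that whitespace before reading the scheme, so a check that compares the raw attribute value disagrees with what the browser will execute. The block below is an added example, not code from svg-sanitizer (a PHP library) or from this listing; it is written in JavaScript with constructed inputs. It places a naive prefix check beside one that first normalizes the value the way the WHATWG URL parser does (strip leading and trailing C0 controls and spaces, remove ASCII tab, LF and CR anywhere, then read the scheme), plus an allowlist variant. The function names, the two scheme lists and the minimal numeric-entity decoder are assumptions of this example.

```javascript
// Added example: a naive "javascript:" prefix check versus one that normalizes
// the attribute value the way a browser's URL parser does. Not svg-sanitizer's
// code; names, scheme lists and the entity decoder are this example's own assumptions.

const DANGEROUS_SCHEMES = ["javascript", "data", "vbscript"];
const ALLOWED_SCHEMES = ["http", "https", "mailto"];

// Naive blocklist: compares the raw attribute value. "javascript\t:alert(1)"
// does not start with "javascript:", so it passes, yet the browser runs it.
function naiveIsDangerousHref(value) {
  const lower = value.toLowerCase();
  return DANGEROUS_SCHEMES.some((s) => lower.startsWith(s + ":"));
}

// Minimal numeric-entity decoder (assumption: the sanitizer sees attribute
// text before entity decoding; a browser decodes "&#x09;" to a tab first).
function decodeNumericEntities(value) {
  const fromCode = (cp) => (cp <= 0x10ffff ? String.fromCodePoint(cp) : "");
  return value
    .replace(/&#x([0-9a-f]+);?/gi, (_, hex) => fromCode(parseInt(hex, 16)))
    .replace(/&#(\d+);?/g, (_, dec) => fromCode(parseInt(dec, 10)));
}

// WHATWG URL parser preprocessing: strip leading/trailing C0 controls and
// space, then remove ASCII tab, LF and CR anywhere in the input.
function normalizeForSchemeCheck(value) {
  return decodeNumericEntities(value)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "")
    .toLowerCase();
}

// Returns the scheme of the normalized value, or null for a relative URL.
function extractScheme(value) {
  const m = /^([a-z][a-z0-9+.-]*):/.exec(normalizeForSchemeCheck(value));
  return m ? m[1] : null;
}

// Hardened blocklist: normalize first, then compare the parsed scheme.
function hardenedIsDangerousHref(value) {
  const scheme = extractScheme(value);
  return scheme !== null && DANGEROUS_SCHEMES.includes(scheme);
}

// Preferable: allowlist the schemes you actually need. Relative URLs pass,
// anything with an unlisted scheme is rejected.
function isAllowedHref(value) {
  const scheme = extractScheme(value);
  return scheme === null || ALLOWED_SCHEMES.includes(scheme);
}

// Constructed inputs showing where the two checks disagree.
const SAMPLES = [
  "javascript:alert(1)",
  "javascript\t:alert(1)",                  // the CVE-2019-18857 shape
  "  JaVaScRiPt\n:alert(1)",
  "&#x09;java&#10;script:alert(1)",         // entity-encoded tab and newline
  "data:text/html,<script>alert(1)</script>",
  "https://example.com/logo.svg",
  "/relative/path.svg",
];

// One row per sample: what each check decides about it.
function compareChecks() {
  return SAMPLES.map((href) => ({
    href,
    naive: naiveIsDangerousHref(href),
    hardened: hardenedIsDangerousHref(href),
    allowed: isAllowedHref(href),
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(compareChecks());
}
```

Running the block prints a table in which the naive check flags only the first and fifth samples, while the normalized check flags the first five; the allowlist accepts only the https URL and the relative path. The lesson generalizes past svg-sanitizer: any sanitizer that inspects a URL-valued attribute has to apply the same preprocessing the consumer (here, the browser's URL parser) applies, and an allowlist of schemes is safer than a blocklist because it fails closed when a new bypass shape appears.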