Vulnerabilities (CVE)

Filtered by CWE-79
Total 29286 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7172 1 Atutor 1 Atutor 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
CVE-2019-7171 1 Croogo 1 Croogo 2024-11-21 3.5 LOW 4.8 MEDIUM
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
CVE-2019-7170 1 Croogo 1 Croogo 2024-11-21 3.5 LOW 4.8 MEDIUM
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
CVE-2019-7169 1 Croogo 1 Croogo 2024-11-21 3.5 LOW 4.8 MEDIUM
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
CVE-2019-7168 1 Croogo 1 Croogo 2024-11-21 3.5 LOW 4.8 MEDIUM
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
CVE-2019-6992 1 Zoneminder 1 Zoneminder 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI.
CVE-2019-6990 1 Zoneminder 1 Zoneminder 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI.
CVE-2019-6979 1 Ip History Logs Project 1 Ip History Logs 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.
CVE-2019-6804 1 Pagerduty 1 Rundeck 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.
CVE-2019-6803 1 Typora 1 Typora 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
typora through 0.9.9.20.3 beta has XSS, with resultant remote command execution, via the left outline bar.
CVE-2019-6796 1 Gitlab 1 Gitlab 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS.
CVE-2019-6777 1 Zoneminder 1 Zoneminder 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.
CVE-2019-6600 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients.
CVE-2019-6599 1 F5 1 Big-ip Access Policy Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the JSON response when it is injected by a malicious script via a remote cross-site scripting (XSS) attack.
CVE-2019-6595 1 F5 1 Big-ip Access Policy Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI.
CVE-2019-6591 1 F5 1 Big-ip Access Policy Manager 2024-11-21 3.5 LOW 5.4 MEDIUM
On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.
CVE-2019-6589 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility.
CVE-2019-6565 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.
CVE-2019-6528 1 Psigridconnect 10 Iec104 Security Proxy, Iec104 Security Proxy Firmware, Smart Telecontrol Unit Tcg and 7 more 2024-11-21 6.5 MEDIUM 8.8 HIGH
PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway XS-MU Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway VM Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Smart Telecontrol Unit TCG Versions 5.0.27, 5.1.19, 6.0.16 and prior, and IEC104 Security Proxy Version 2.2.10 and prior The web application browser interprets input as active HTML, JavaScript, or VBScript, which could allow an attacker to execute arbitrary code.
CVE-2019-6504 1 Broadcom 1 Automic Workload Automation 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allow attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object.