Export limit exceeded: 35113 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45788 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45788 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9016 | 1 Mopcms | 1 Mopcms | 2024-11-21 | N/A |
| An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI. | ||||
| CVE-2019-8991 | 1 Tibco | 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more | 2024-11-21 | 8.8 High |
| The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1. | ||||
| CVE-2019-8987 | 1 Tibco | 2 Data Science For Aws, Spotfire Data Science | 2024-11-21 | 5.4 Medium |
| The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | ||||
| CVE-2019-8984 | 1 Altn | 1 Mdaemon | 2024-11-21 | N/A |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). | ||||
| CVE-2019-8983 | 1 Altn | 1 Mdaemon | 2024-11-21 | N/A |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). | ||||
| CVE-2019-8953 | 1 Netgate | 1 Haproxy | 2024-11-21 | N/A |
| The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. | ||||
| CVE-2019-8950 | 1 Dasannetworks | 2 H665, H665 Firmware | 2024-11-21 | N/A |
| The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET. | ||||
| CVE-2019-8947 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 6.1 Medium |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | ||||
| CVE-2019-8946 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 6.1 Medium |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | ||||
| CVE-2019-8945 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | 6.1 Medium |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | ||||
| CVE-2019-8939 | 1 Tautulli | 1 Tautulli | 2024-11-21 | N/A |
| data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page. | ||||
| CVE-2019-8938 | 1 Vertrigoserv Project | 1 Vertrigoserv | 2024-11-21 | N/A |
| VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter. | ||||
| CVE-2019-8937 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | N/A |
| HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. | ||||
| CVE-2019-8935 | 1 O-dyn | 1 Collabtive | 2024-11-21 | N/A |
| Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. | ||||
| CVE-2019-8929 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype. | ||||
| CVE-2019-8928 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName. | ||||
| CVE-2019-8927 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11. | ||||
| CVE-2019-8926 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource. | ||||
| CVE-2019-8924 | 1 Apachefriends | 1 Xampp | 2024-11-21 | N/A |
| XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued. | ||||
| CVE-2019-8920 | 1 Apachefriends | 1 Xampp | 2024-11-21 | N/A |
| iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. | ||||