| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-17092 |
1 Openproject |
1 Openproject |
2019-10-14 |
4.3 |
| An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled. |
| CVE-2016-10873 |
1 Wpseeds |
1 Wp Database Backup |
2019-10-12 |
4.3 |
| The wp-database-backup plugin before 4.3.3 for WordPress has XSS. |
| CVE-2019-1070 |
1 Microsoft |
1 Sharepoint Enterprise Server |
2019-10-11 |
3.5 |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. |
| CVE-2019-12707 |
1 Cisco |
3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection |
2019-10-11 |
4.3 |
| A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected... |
| CVE-2019-17070 |
1 Lqd |
1 Liquid Speech Balloon |
2019-10-11 |
4.3 |
| The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for WordPress allows XSS with Internet Explorer. |
| CVE-2019-17417 |
1 Pbootcms |
1 Pbootcms |
2019-10-11 |
3.5 |
| PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. |
| CVE-2019-1328 |
1 Microsoft |
2 Sharepoint Enterprise Server, Sharepoint Foundation |
2019-10-11 |
3.5 |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. |
| CVE-2019-1329 |
1 Microsoft |
2 Sharepoint Enterprise Server, Sharepoint Foundation |
2019-10-11 |
3.5 |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE... |
| CVE-2015-9459 |
1 Seo Searchterms Tagging 2 Project |
1 Seo Searchterms Tagging 2 |
2019-10-11 |
4.3 |
| The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. |
| CVE-2015-9468 |
1 K-78 |
1 Broken Link Manager |
2019-10-11 |
4.3 |
| The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. |
| CVE-2019-17491 |
1 Jnoj |
1 Jiangnan Online Judge |
2019-10-11 |
4.3 |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. |
| CVE-2019-17489 |
1 Jnoj |
1 Jiangnan Online Judge |
2019-10-11 |
4.3 |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. |
| CVE-2019-17493 |
1 Jnoj |
1 Jiangnan Online Judge |
2019-10-11 |
4.3 |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. |
| CVE-2019-17239 |
1 Wpfactory |
1 Download Plugins And Themes From Dashboard |
2019-10-11 |
4.3 |
| includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues. |
| CVE-2015-9453 |
1 K-78 |
1 Broken Link Manager |
2019-10-10 |
4.3 |
| The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. |
| CVE-2019-17071 |
1 Realbigplugins |
1 Client Dash |
2019-10-10 |
4.3 |
| The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS. |
| CVE-2019-17430 |
1 Eyoucms |
1 Eyoucms |
2019-10-10 |
4.3 |
| EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. |
| CVE-2019-0369 |
1 Sap |
1 Financial Consolidation |
2019-10-10 |
3.5 |
| SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site... |
| CVE-2019-17433 |
1 Laravel-admin |
1 Laravel-admin |
2019-10-10 |
3.5 |
| z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. |
| CVE-2019-11651 |
1 Microfocus |
2 Enterprise Developer, Enterprise Server |
2019-10-10 |
4.3 |
| Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a... |
