Skip to main content
CVE-2019-10107 MEDIUM POC This Month

CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-10106 MEDIUM POC This Month

CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-10105 MEDIUM POC This Month

CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-1571 MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
CVSS 3.0
4.8
EPSS
1.1%
CVE-2019-1570 MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
CVSS 3.0
4.8
EPSS
1.1%
CVE-2019-1569 MEDIUM POC This Month

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expedition
NVD
CVSS 3.0
4.8
EPSS
1.1%
CVE-2019-7646 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webpanel
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
7.2%
CVE-2019-6540 MEDIUM This Month

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mycarelink Monitor 24950 Firmware Mycarelink Monitor 24952 Firmware Carelink Monitor 2490C Firmware Carelink 2090 Firmware +19
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2019-9961 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Wikindx
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-3850 MEDIUM PATCH This Month

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Moodle
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-3826 MEDIUM PATCH This Month

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Prometheus Openshift Container Platform
NVD GitHub
CVSS 3.0
6.1
EPSS
2.7%
CVE-2019-8987 MEDIUM This Month

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Data Science For Aws Spotfire Data Science
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2019-6341 MEDIUM PATCH This Month

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Drupal Debian Linux Fedora
NVD
CVSS 3.0
5.4
EPSS
12.4%
CVE-2019-8989 MEDIUM This Month

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Science For Aws Spotfire Data Science
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-3852 MEDIUM PATCH This Month

A vulnerability was found in moodle before version 3.6.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Moodle
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-3851 MEDIUM PATCH This Month

A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Moodle Fedora
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-3848 MEDIUM PATCH This Month

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-3606 MEDIUM This Month

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows. Rated medium severity (CVSS 4.1). No vendor patch available.

Information Disclosure Network Security Manager
NVD
CVSS 3.0
4.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy