Skip to main content
CVE-2019-11537 MEDIUM POC This Month

In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Osticket
NVD GitHub Exploit-DB VulDB
CVSS 3.0
6.1
EPSS
4.6%
CVE-2019-9669 MEDIUM POC This Month

The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attack vector. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wordfence
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-11519 MEDIUM POC PATCH This Month

Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE Nopcommerce
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11515 MEDIUM POC This Month

core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Gila Cms
NVD
CVSS 3.0
4.9
EPSS
2.1%
CVE-2019-11513 MEDIUM POC This Month

The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Made Simple
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-10955 MEDIUM This Month

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Rockwell Micrologix 1400 A Firmware Micrologix 1400 B Firmware Micrologix 1100 Firmware +3
NVD VulDB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2019-3788 MEDIUM This Month

Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Uaa Release
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-4092 MEDIUM This Month

IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Content Navigator
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-11511 MEDIUM This Month

Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-4238 MEDIUM This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4148 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4077 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4076 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4075 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4074 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4073 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Sterling B2b Integrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4033 MEDIUM This Month

IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-3720 MEDIUM This Month

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Dell Emc Openmanage Server Administrator
NVD
CVSS 3.1
4.9
EPSS
3.5%
CVE-2019-4222 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy