Skip to main content
CVE-2019-11406 MEDIUM POC PATCH This Month

Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Subrion Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11398 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ulicms
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.5%
CVE-2019-11507 MEDIUM POC PATCH This Month

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Ivanti Connect Secure
NVD
CVSS 3.1
6.1
EPSS
4.1%
CVE-2019-11818 MEDIUM POC PATCH This Month

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11564 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Humhub
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2019-8349 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Htmly
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2019-5014 MEDIUM This Month

An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fw 1007 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2019-11814 MEDIUM PATCH This Month

An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11812 MEDIUM PATCH This Month

A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Misp
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11813 MEDIUM PATCH This Month

An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11643 MEDIUM This Month

Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oneshield Policy
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11550 MEDIUM PATCH This Month

Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Citrix Information Disclosure Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2019-11561 MEDIUM This Month

The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service H4 Plus Firmware Awv Plus Firmware G5W 3G Firmware G5 Plus Firmware +6
NVD GitHub
CVSS 3.0
5.9
EPSS
1.0%
CVE-2019-9698 MEDIUM This Month

Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbitrary file deletion issue, which is a type of vulnerability that could allow an attacker to delete files on the resident system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Antivirus Engine
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-2053 MEDIUM This Month

In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy