Skip to main content
CVE-2019-12047 MEDIUM POC This Month

Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "<img src=# onerror='eval(new. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Gridea
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-7409 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign CMS v6.0.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page, (2) gbs, (3) side, (4) id, (5). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Profiledesign Cms
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-12043 MEDIUM POC PATCH This Month

In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Remarkable
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7218 MEDIUM POC This Month

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Citrix Google Sharefile
NVD
CVSS 3.0
5.9
EPSS
1.2%
CVE-2019-3684 MEDIUM POC This Month

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Manager
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-7411 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Google Launcher
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-11429 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions >. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webpanel
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
5.9%
CVE-2019-8350 MEDIUM This Month

The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Better Banking
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2019-1649 MEDIUM This Month

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Asa 5500 Firmware Firepower 2100 Firmware Firepower 4000 Firmware +24
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2019-8952 MEDIUM This Month

A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Divar Ip 2000 Firmware Divar Ip 5000 Firmware Video Management System Video Recording Manager
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-8951 MEDIUM This Month

An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Divar Ip 2000 Firmware Divar Ip 5000 Firmware Video Management System Video Recording Manager
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-4259 MEDIUM This Month

A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
5.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy