Skip to main content
CVE-2019-14793 MEDIUM POC This Month

The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Meta Box
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-14312 MEDIUM POC PATCH THREAT This Month

Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Jaxer
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
20.6%
CVE-2019-11776 MEDIUM POC This Month

In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Business Intelligence And Reporting Tools
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-14791 MEDIUM POC This Month

The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Appointment Booking Calendar
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-14799 MEDIUM POC This Month

The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Fv Flowplayer Video Player
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2019-14796 MEDIUM POC This Month

The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Mq Woocommerce Products Price Bulk Edit
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-14792 MEDIUM POC This Month

The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Google Wp Go Maps
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-14787 MEDIUM POC This Month

The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Newsletters
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-14785 MEDIUM POC This Month

The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Cp Contact Form With Paypal
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-14798 MEDIUM POC This Month

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress Photo Gallery
NVD
CVSS 3.0
4.9
EPSS
4.4%
CVE-2019-14433 MEDIUM PATCH This Month

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nova Ubuntu Linux Openstack Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-5498 MEDIUM This Month

OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Insight
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-5408 MEDIUM This Month

Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xp7 Device Manager Xp7 Replication Manager Xp7 Tiered Storage Manager
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-5407 MEDIUM This Month

A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 3Par Storeserv Management Console
NVD
CVSS 3.0
6.3
EPSS
1.0%
CVE-2019-5400 MEDIUM This Month

A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure 3Par Service Processor Firmware
NVD
CVSS 3.0
6.3
EPSS
0.9%
CVE-2019-14807 MEDIUM PATCH This Month

In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Mobilefrontend
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-11274 MEDIUM This Month

Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS User Account And Authentication
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-5398 MEDIUM This Month

A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Par Service Processor Firmware
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-14797 MEDIUM This Month

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Photo Gallery
NVD
CVSS 3.0
5.4
EPSS
1.3%
CVE-2019-12265 MEDIUM This Month

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +8
NVD
CVSS 3.1
5.3
EPSS
55.3%
CVE-2019-5403 MEDIUM This Month

A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Par Storeserv Management Console
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2019-14805 MEDIUM This Month

studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Una
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-14804 MEDIUM POC This Month

studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Una
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy