Skip to main content
CVE-2019-11584 MEDIUM This Month

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-15492 MEDIUM PATCH This Month

openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openitcockpit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-15488 MEDIUM PATCH This Month

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openfire
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15487 MEDIUM PATCH This Month

DfE School Experience before v16333-GA has XSS via a teacher training URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Department For Education School Experience
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15486 MEDIUM PATCH This Month

django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Django Js Reserve
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-15485 MEDIUM PATCH This Month

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Bolt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15484 MEDIUM PATCH This Month

Bolt before 3.6.10 has XSS via an image's alt or title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bolt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15483 MEDIUM PATCH This Month

Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bolt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15482 MEDIUM PATCH This Month

selectize-plugin-a11y before 1.1.0 has XSS via the msg field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Selectize Plugin A11Y
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15481 MEDIUM PATCH This Month

Kimai v2 before 1.1 has XSS via a timesheet description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kimai 2
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-5592 MEDIUM This Month

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Jwt Attack Oracle Fortinet +1
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-12400 MEDIUM PATCH This Month

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Java Information Disclosure Apache Santuario Xml Security For Java Jboss Enterprise Application Platform +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-13014 MEDIUM This Month

Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Little Snitch
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-13013 MEDIUM This Month

Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Little Snitch
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15517 MEDIUM PATCH This Month

jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nginx Nginx Proxy Manager
NVD GitHub
CVSS 3.0
5.5
EPSS
0.7%
CVE-2019-8444 MEDIUM This Month

The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Server
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-15520 MEDIUM PATCH This Month

comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Quark
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
CVE-2019-15518 MEDIUM PATCH This Month

Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Swoole
NVD GitHub
CVSS 3.0
5.3
EPSS
2.0%
CVE-2019-8445 MEDIUM This Month

Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira Server
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2019-8447 MEDIUM This Month

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Server
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-14999 MEDIUM This Month

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Universal Plugin Manager
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-11588 MEDIUM This Month

The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Jira Server
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2019-11586 MEDIUM This Month

The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Jira Server
NVD
CVSS 3.0
4.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy