Skip to main content
CVE-2019-15477 MEDIUM POC PATCH This Month

Jooby before 1.6.4 has XSS via the default error handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jooby
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-15476 MEDIUM POC This Month

Former before 4.2.1 has XSS via a checkbox value. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Former
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15499 MEDIUM POC This Month

CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Codimd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-15480 MEDIUM POC PATCH This Month

Domoticz 4.10717 has XSS via item.Name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Domoticz
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-8446 MEDIUM POC THREAT This Month

The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Jira Server
NVD
CVSS 3.1
5.3
EPSS
17.5%
CVE-2019-15514 MEDIUM POC This Month

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Apple Information Disclosure Telegram
NVD
CVSS 3.0
5.3
EPSS
2.3%
CVE-2019-13421 MEDIUM POC This Month

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Search Guard
NVD
CVSS 3.0
4.9
EPSS
1.1%
CVE-2019-15531 MEDIUM This Month

GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libextractor Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-11587 MEDIUM This Month

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Jira Server
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2019-15508 MEDIUM This Month

In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Server Tentacle
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-15507 MEDIUM This Month

In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Server
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-5594 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortinac
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2019-13422 MEDIUM This Month

Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Search Guard
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-11589 MEDIUM This Month

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Open Redirect CSRF Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-11585 MEDIUM This Month

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Open Redirect Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-11584 MEDIUM This Month

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlassian Jira
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-15492 MEDIUM PATCH This Month

openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openitcockpit
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-15488 MEDIUM PATCH This Month

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openfire
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15487 MEDIUM PATCH This Month

DfE School Experience before v16333-GA has XSS via a teacher training URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Department For Education School Experience
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15486 MEDIUM PATCH This Month

django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Django Js Reserve
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-15485 MEDIUM PATCH This Month

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Bolt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15484 MEDIUM PATCH This Month

Bolt before 3.6.10 has XSS via an image's alt or title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bolt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15483 MEDIUM PATCH This Month

Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bolt
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15482 MEDIUM PATCH This Month

selectize-plugin-a11y before 1.1.0 has XSS via the msg field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Selectize Plugin A11Y
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15481 MEDIUM PATCH This Month

Kimai v2 before 1.1 has XSS via a timesheet description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kimai 2
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-5592 MEDIUM This Month

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Jwt Attack Oracle Fortinet +1
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2019-12400 MEDIUM PATCH This Month

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Java Information Disclosure Apache Santuario Xml Security For Java Jboss Enterprise Application Platform +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-13014 MEDIUM This Month

Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Little Snitch
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-13013 MEDIUM This Month

Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Little Snitch
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15517 MEDIUM PATCH This Month

jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nginx Nginx Proxy Manager
NVD GitHub
CVSS 3.0
5.5
EPSS
0.7%
CVE-2019-8444 MEDIUM This Month

The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jira Server
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-15520 MEDIUM PATCH This Month

comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Quark
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
CVE-2019-15518 MEDIUM PATCH This Month

Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Swoole
NVD GitHub
CVSS 3.0
5.3
EPSS
2.0%
CVE-2019-8445 MEDIUM This Month

Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira Server
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2019-8447 MEDIUM This Month

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Server
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2019-14999 MEDIUM This Month

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Universal Plugin Manager
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2019-11588 MEDIUM This Month

The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Jira Server
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2019-11586 MEDIUM This Month

The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Jira Server
NVD
CVSS 3.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy