Skip to main content
CVE-2019-16238 MEDIUM POC This Month

Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aurora
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-16275 MEDIUM PATCH This Month

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Hostapd Wpa Supplicant Debian Linux Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-5956 MEDIUM This Month

Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wondercms
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-6009 MEDIUM PATCH This Month

Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Shirasagi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-6004 MEDIUM This Month

Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apeosware Management Suite Apeosware Management Suite 2
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-6003 MEDIUM This Month

Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Amazon Pay
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-5985 MEDIUM This Month

Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pr S300Ne Firmware Rt S300Ne Firmware Rv S340Ne Firmware Pr S300Hi Firmware +20
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-5978 MEDIUM This Month

Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Garoon
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-10398 MEDIUM PATCH This Month

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Beaker Builder
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-5975 MEDIUM This Month

DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-10396 MEDIUM PATCH This Month

Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dashboard View
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10395 MEDIUM PATCH This Month

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Build Environment
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-5976 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Garoon
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2019-5977 MEDIUM This Month

Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Garoon
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-10400 MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10399 MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10394 MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions on the left-hand side of assignment expressions. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-10393 MEDIUM PATCH This Month

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Jenkins RCE Script Security
NVD
CVSS 3.1
4.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy