Skip to main content
CVE-2019-18199 MEDIUM POC This Month

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lx390 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2019-18419 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clonos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-18416 MEDIUM POC This Month

Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Restaurant Management System
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-18415 MEDIUM POC This Month

Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Restaurant Management System
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-12094 MEDIUM POC This Month

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Groupware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-18393 MEDIUM POC PATCH THREAT This Month

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Openfire
NVD GitHub
CVSS 3.1
5.3
EPSS
13.9%
CVE-2019-18196 MEDIUM This Month

A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Teamviewer
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2019-4397 MEDIUM PATCH This Month

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator Cloud Orchestrator Enterprise
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-8080 MEDIUM This Month

Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-8079 MEDIUM This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-8078 MEDIUM This Month

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-17581 MEDIUM This Month

tonyy dormsystem through 1.3 allows DOM XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dormsystem
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-4486 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management Maximo For Aviation Maximo For Life Sciences +6
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4459 MEDIUM PATCH This Month

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-9699 MEDIUM This Month

Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Messaging Gateway
NVD
CVSS 3.1
4.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy