|
224161
|
7.5 |
HIGH
Network
|
golang
debian
opensuse
fedoraproject
redhat
netapp
|
go
debian_linux
leap
fedora
openshift_container_platform
enterprise_linux
developer_tools
enterprise_linux_eus
cloud_insights_telegraf_agent
|
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-16276
|
2024-11-21 13:30 |
2019-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224162
|
4.8 |
MEDIUM
Network
|
xoops
|
xoops
|
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16684
|
2024-11-21 13:30 |
2019-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224163
|
4.8 |
MEDIUM
Network
|
xoops
|
xoops
|
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16683
|
2024-11-21 13:30 |
2019-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224164
|
6.1 |
MEDIUM
Network
|
gfi
|
kerio_control
|
A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16414
|
2024-11-21 13:30 |
2019-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224165
|
9.8 |
CRITICAL
Network
|
plataformatec
|
simple_form
|
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.
|
CWE-20
Improper Input Validation
|
CVE-2019-16676
|
2024-11-21 13:30 |
2019-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224166
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privi…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16688
|
2024-11-21 13:30 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224167
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achiev…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16687
|
2024-11-21 13:30 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224168
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16686
|
2024-11-21 13:30 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224169
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can a…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16685
|
2024-11-21 13:30 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224170
|
8.8 |
HIGH
Network
|
netgate
|
pfsense
|
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expi…
|
CWE-352
Origin Validation Error
|
CVE-2019-16667
|
2024-11-21 13:30 |
2019-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
