|
223381
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit …
|
CWE-79
Cross-site Scripting
|
CVE-2019-15539
|
2024-11-21 13:28 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223382
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mobilefrontend
|
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15124
|
2024-11-21 13:28 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223383
|
8.8 |
HIGH
Network
|
centreon
|
centreon_web
|
An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. Th…
|
CWE-287
Improper Authentication
|
CVE-2019-15299
|
2024-11-21 13:28 |
2020-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223384
|
4.8 |
MEDIUM
Network
|
cisco
|
dna_center
|
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) a…
|
CWE-79
Cross-site Scripting
|
CVE-2019-15253
|
2024-11-21 13:28 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223385
|
3.1 |
LOW
Adjacent
|
apple
broadcom
|
iphone_os
ipados
mac_os_x
bcm4389_firmware
bcm43012_firmware
bcm43013_firmware
bcm4375_firmware
bcm43752_firmware
bcm4356_firmware
|
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper la…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2019-15126
|
2024-11-21 13:28 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223386
|
6.1 |
MEDIUM
Network
|
zimbra
|
collaboration_server
|
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15313
|
2024-11-21 13:28 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223387
|
6.1 |
MEDIUM
Network
|
cisco
|
finesse
unified_contact_center_express
|
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. …
|
CWE-79
Cross-site Scripting
|
CVE-2019-15278
|
2024-11-21 13:28 |
2020-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223388
|
6.5 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information re…
|
NVD-CWE-Other
|
CVE-2019-15255
|
2024-11-21 13:28 |
2020-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223389
|
6.5 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/l…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-15235
|
2024-11-21 13:28 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223390
|
8.8 |
HIGH
Network
|
centreon
|
centreon_web
|
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly…
|
CWE-89
SQL Injection
|
CVE-2019-15300
|
2024-11-21 13:28 |
2019-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
