|
222901
|
9.8 |
CRITICAL
Network
|
codesys
|
eni_server
codesys
|
CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-16265
|
2024-11-21 13:30 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222902
|
8.8 |
HIGH
Network
|
open-emr
|
openemr
|
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO s…
|
CWE-89
SQL Injection
|
CVE-2019-16404
|
2024-11-21 13:30 |
2019-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222903
|
7.2 |
HIGH
Network
|
sonatype
|
nexus_repository_manager
nexus_iq_server
|
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-16530
|
2024-11-21 13:30 |
2019-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222904
|
5.4 |
MEDIUM
Network
|
nchsoftware
|
express_accounts_accounting
|
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify t…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16330
|
2024-11-21 13:30 |
2019-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222905
|
7.3 |
HIGH
Network
|
url_redirect_project
|
url_redirect
|
The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2019-16682
|
2024-11-21 13:30 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222906
|
5.4 |
MEDIUM
Network
|
pixelite
|
events_manager
|
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcode…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16523
|
2024-11-21 13:30 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222907
|
4.8 |
MEDIUM
Network
|
eu_cookie_law_project
|
eu_cookie_law
|
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displa…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16522
|
2024-11-21 13:30 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222908
|
6.1 |
MEDIUM
Network
|
managewp
|
broken_link_checker
|
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The fi…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16521
|
2024-11-21 13:30 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222909
|
5.4 |
MEDIUM
Network
|
semperplugins
|
all_in_one_seo_pack
|
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plu…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16520
|
2024-11-21 13:30 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222910
|
5.4 |
MEDIUM
Network
|
nchsoftware
|
express_invoice
|
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Cu…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16282
|
2024-11-21 13:30 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
