| 222101 | 6.1 MEDIUM | Network | fusionpbx | fusionpbx | In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | CWE-79 Cross-site Scripting | CVE-2019-16982 | 2024-11-21 13:31 | 2019-10-22 |
| 222102 | 6.1 MEDIUM | Network | fusionpbx | fusionpbx | In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to … | CWE-79 Cross-site Scripting | CVE-2019-16981 | 2024-11-21 13:31 | 2019-10-22 |
| 222103 | 6.5 MEDIUM | Network | fusionpbx | fusionpbx | In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it. | CWE-22 Path Traversal | CVE-2019-16990 | 2024-11-21 13:31 | 2019-10-22 |
| 222104 | 8.8 HIGH | Network | fusionpbx | fusionpbx | In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. | CWE-89 SQL Injection | CVE-2019-16980 | 2024-11-21 13:31 | 2019-10-22 |
| 222105 | 6.1 MEDIUM | Network | fusionpbx | fusionpbx | In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS. | CWE-79 Cross-site Scripting | CVE-2019-16979 | 2024-11-21 13:31 | 2019-10-22 |
| 222106 | 6.1 MEDIUM | Network | fusionpbx | fusionpbx | In FusionPBX up to v4.5.7, the file app\devices\device_settings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | CWE-79 Cross-site Scripting | CVE-2019-16978 | 2024-11-21 13:31 | 2019-10-22 |
| 222107 | 6.1 MEDIUM | Network | open-emr | openemr | Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter. | CWE-79 Cross-site Scripting | CVE-2019-16862 | 2024-11-21 13:31 | 2019-10-21 |
| 222108 | 5.4 MEDIUM | Network | managewp | broken_link_checker | A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject … | CWE-79 Cross-site Scripting | CVE-2019-17207 | 2024-11-21 13:31 | 2019-10-19 |
| 222109 | 7.5 HIGH | Network | linuxfoundation vmware | harbor cloud_foundation harbor_container_registry | Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permiss… | CWE-276 Incorrect Default Permissions | CVE-2019-16919 | 2024-11-21 13:31 | 2019-10-18 |
| 222110 | 6.1 MEDIUM | Network | wikidsystems | 2fa_enterprise_server | A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/adm_us… | CWE-79 Cross-site Scripting | CVE-2019-17120 | 2024-11-21 13:31 | 2019-10-18 |