|
223861
|
7.5 |
HIGH
Network
|
b3log
|
wide
|
b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrar…
|
CWE-59 Link Following
CWE-74 Injection
|
CVE-2019-13915
|
2024-11-21 13:25 |
2019-07-19 |
|
223862
|
6.1 |
MEDIUM
Network
|
opera
|
mini
|
The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL.
|
CWE-79
Cross-site Scripting
|
CVE-2019-13607
|
2024-11-21 13:25 |
2019-07-19 |
|
223863
|
9.8 |
CRITICAL
Network
|
wpeverest
|
everest_forms
|
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQ…
|
CWE-89
SQL Injection
|
CVE-2019-13575
|
2024-11-21 13:25 |
2019-07-19 |
|
223864
|
5.4 |
MEDIUM
Network
|
firefly-iii
|
firefly_iii
|
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attach…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13647
|
2024-11-21 13:25 |
2019-07-18 |
|
223865
|
5.4 |
MEDIUM
Network
|
firefly-iii
|
firefly_iii
|
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13646
|
2024-11-21 13:25 |
2019-07-18 |
|
223866
|
5.4 |
MEDIUM
Network
|
firefly-iii
|
firefly_iii
|
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachme…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13645
|
2024-11-21 13:25 |
2019-07-18 |
|
223867
|
5.4 |
MEDIUM
Network
|
firefly-iii
|
firefly_iii
|
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tag…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13644
|
2024-11-21 13:25 |
2019-07-18 |
|
223868
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message co…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13643
|
2024-11-21 13:25 |
2019-07-18 |
|
223869
|
9.8 |
CRITICAL
Network
|
qbittorrent
|
qbittorrent
|
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current t…
|
CWE-78
OS Command
|
CVE-2019-13640
|
2024-11-21 13:25 |
2019-07-18 |
|
223870
|
5.9 |
MEDIUM
Network
|
gnu
|
patch
|
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
|
CWE-59
Link Following
|
CVE-2019-13636
|
2024-11-21 13:25 |
2019-07-18 |
|