|
223861
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.i…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17578
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223862
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' i…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17577
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223863
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17576
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223864
|
6.1 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang p…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17660
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223865
|
4.8 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17630
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223866
|
4.8 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17629
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223867
|
6.5 |
MEDIUM
Adjacent
|
yalehome
|
yale_bluetooth_key
|
The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the a…
|
CWE-287
Improper Authentication
|
CVE-2019-17627
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223868
|
9.8 |
CRITICAL
Network
|
reportlab
|
reportlab
|
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
|
CWE-91
Blind XPath Injection
|
CVE-2019-17626
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223869
|
9.0 |
CRITICAL
Network
|
rambox
|
rambox
|
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field …
|
CWE-79
CWE-78
Cross-site Scripting
OS Command
|
CVE-2019-17625
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223870
|
7.8 |
HIGH
Local
|
x.org
|
x_server
|
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-17624
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
