|
225281
|
6.1 |
MEDIUM
Network
|
gfi
|
kerio_control
|
A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16414
|
2024-11-21 13:30 |
2019-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225282
|
9.8 |
CRITICAL
Network
|
plataformatec
|
simple_form
|
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.
|
CWE-20
Improper Input Validation
|
CVE-2019-16676
|
2024-11-21 13:30 |
2019-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225283
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privi…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16688
|
2024-11-21 13:30 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225284
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achiev…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16687
|
2024-11-21 13:30 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225285
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16686
|
2024-11-21 13:30 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225286
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can a…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16685
|
2024-11-21 13:30 |
2019-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225287
|
8.8 |
HIGH
Network
|
netgate
|
pfsense
|
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expi…
|
CWE-352
Origin Validation Error
|
CVE-2019-16667
|
2024-11-21 13:30 |
2019-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225288
|
6.1 |
MEDIUM
Network
|
yzmcms
|
yzmcms
|
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.
|
CWE-74
Injection
|
CVE-2019-16532
|
2024-11-21 13:30 |
2019-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225289
|
4.8 |
MEDIUM
Network
|
status301
|
easy_fancybox
|
The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16524
|
2024-11-21 13:30 |
2019-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225290
|
5.3 |
MEDIUM
Network
|
symbiote
silverstripe
|
versionedfiles
silverstripe
|
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic …
|
NVD-CWE-noinfo
|
CVE-2019-16409
|
2024-11-21 13:30 |
2019-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
