CVEdetails.com the ultimate security vulnerability data source

Debian » Debian Linux » 9.0 * * * : Security Vulnerabilities Published In 2019 (Cross Site Scripting (XSS))

CPE Name: cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2019-16728 | 79 | | XSS | 2019-09-24 | 2020-11-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
2 | CVE-2019-12471 | 79 | | XSS | 2019-07-10 | 2019-07-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
3 | CVE-2019-11358 | 79 | | XSS | 2019-04-20 | 2021-10-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
4 | CVE-2019-10092 | 79 | | XSS | 2019-09-26 | 2021-09-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
5 | CVE-2019-5778 | 79 | | XSS Bypass | 2019-02-19 | 2019-04-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
6 | CVE-2013-7371 | 79 | | XSS | 2019-12-11 | 2019-12-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)
7 | CVE-2013-7370 | 79 | | XSS | 2019-12-11 | 2019-12-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
8 | CVE-2013-6364 | 352 | 1 | XSS CSRF | 2019-11-05 | 2019-11-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
9 | CVE-2013-4168 | 79 | | XSS | 2019-11-01 | 2020-08-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.
10 | CVE-2013-4158 | 79 | | XSS | 2019-12-11 | 2019-12-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)
11 | CVE-2013-1951 | 79 | | XSS | 2019-10-31 | 2020-08-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names.
12 | CVE-2012-1115 | 79 | | XSS | 2019-12-05 | 2019-12-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
13 | CVE-2012-1114 | 79 | | XSS | 2019-12-05 | 2019-12-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and the filteruid parameter to list.php.
14 | CVE-2012-0812 | 79 | | XSS | 2019-11-22 | 2019-11-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities
Total number of vulnerabilities: 14