CVE-2019-1020019 CVSS:4.3
invenio-previewer before 1.0.0a12 allows XSS. (Last Update:2019-07-31) (Publish Update:2019-07-29)
CVE-2019-1020010 CVSS:4.3
Misskey before 10.102.4 allows hijacking a user's token. (Last Update:2019-08-05) (Publish Update:2019-07-29)
CVE-2019-1020008 CVSS:4.3
stacktable.js before 1.0.4 allows XSS. (Last Update:2019-07-31) (Publish Update:2019-07-29)
CVE-2019-1020007 CVSS:3.5
Dependency-Track before 3.5.1 allows XSS. (Last Update:2019-07-30) (Publish Update:2019-07-29)
CVE-2019-1020005 CVSS:3.5
invenio-communities before 1.0.0a20 allows XSS. (Last Update:2019-08-01) (Publish Update:2019-07-29)
CVE-2019-1020003 CVSS:3.5
invenio-records before 1.2.2 allows XSS. (Last Update:2019-08-01) (Publish Update:2019-07-29)
CVE-2019-1010314 CVSS:4.3
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page. (Last Update:2019-07-12) (Publish Update:2019-07-11)
CVE-2019-1010311 CVSS:0.0
Tildeslash Monit Version 5.25.2 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Execute javascript in a victim's browser; disable all monitoring for a particular host or service. The component is: In function do_viewlog() on line 910 in Monit/src/http/cervlet.c, an attacker controlled log file is copied into an HTTP response without any HTML escaping. The attack vector is: An authenticated remote attacker can exploit the vulnerability over a network. The fixed version is: Version 5.25.3 and later. (Last Update:2019-07-12) (Publish Update:2019-07-12)
CVE-2019-1010309 CVSS:0.0
pacman prior to version 5.1.3 is affected by: Directory Traversal. The impact is: arbitrary file placement potentially leading to arbitrary root code execution. The component is: installing a remote package via a specified URL "pacman -U <url>". The problem was located in function curl_download_internal in lib/libalpm/dload.c line 535. The attack vector is: the victim must install a remote package via a specified URL from a malicious server (or a network MitM if downloading over HTTP). The fixed version is: 5.1.3 via commit 9702703633bec2c007730006de2aeec8587dfc84. (Last Update:2019-07-12) (Publish Update:2019-07-12)
CVE-2019-1010307 CVSS:3.5
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User creates a ticket, 2- Admin opens another ticket and clicks on the "Link Tickets" feature, 3- a request to the endpoint fetches js and executes it. (Last Update:2019-07-18) (Publish Update:2019-07-15)