CVE-2019-15488

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.

Source: CVE-2019-15488

CVE-2019-15487

DfE School Experience before v16333-GA has XSS via a teacher training URL.

Source: CVE-2019-15487

CVE-2019-15494

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.

Source: CVE-2019-15494

CVE-2019-15514

The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region’s assigned phone numbers.

Source: CVE-2019-15514

CVE-2019-15492

openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.

Source: CVE-2019-15492

CVE-2019-15490

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.

Source: CVE-2019-15490

CVE-2019-15493

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.

Source: CVE-2019-15493

CVE-2019-15481

Kimai v2 before 1.1 has XSS via a timesheet description.

Source: CVE-2019-15481

CVE-2019-15480

Domoticz 4.10717 has XSS via item.Name.

Source: CVE-2019-15480

CVE-2019-15476

Former before 4.2.1 has XSS via a checkbox value.

Source: CVE-2019-15476