CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews.
Source: CVE-2019-16219
[월:] 2019년 09월
CVE-2019-16220 (wordpress)
CVE-2019-16220 (wordpress)
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect.
Source: CVE-2019-16220 (wordpress)
CVE-2019-14997
CVE-2019-14997
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.
Source: CVE-2019-14997
CVE-2019-14996
CVE-2019-14996
The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
Source: CVE-2019-14996
CVE-2019-14995
CVE-2019-14995
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
Source: CVE-2019-14995
CVE-2019-14725
CVE-2019-14725
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.
Source: CVE-2019-14725
CVE-2019-16193
CVE-2019-16193
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.
Source: CVE-2019-16193
CVE-2019-14724
CVE-2019-14724
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim’s account via an attacker account.
Source: CVE-2019-14724
CVE-2019-16214
CVE-2019-16214
Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence (which introduces a single-line comment), followed by very brief comment text, the r character, and code that has security-critical functionality. In many popular environments, this code is displayed on a separate line, and thus a reader may infer that the code is executed. However, the code is NOT executed, because language/compiler/ir_to_bytecode/src/parser.rs allows the comment to continue after the r character.
Source: CVE-2019-16214
CVE-2019-6745
CVE-2019-6745
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-12828. Reason: This candidate is a reservation duplicate of CVE-2019-12828. Notes: All CVE users should reference CVE-2019-12828 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Source: CVE-2019-6745