Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10873 | 1 Wpseeds | 1 Wp Database Backup | 2019-10-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-database-backup plugin before 4.3.3 for WordPress has XSS. | |||||
| CVE-2019-1070 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2019-10-11 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
| CVE-2019-12707 | 1 Cisco | 3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection | 2019-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. | |||||
| CVE-2019-17417 | 1 Pbootcms | 1 Pbootcms | 2019-10-11 | 3.5 LOW | 4.8 MEDIUM |
| PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. | |||||
| CVE-2019-1328 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2019-10-11 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | |||||
| CVE-2019-1329 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2019-10-11 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330. | |||||
| CVE-2015-9459 | 1 Seo Searchterms Tagging 2 Project | 1 Seo Searchterms Tagging 2 | 2019-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. | |||||
| CVE-2015-9468 | 1 K-78 | 1 Broken Link Manager | 2019-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. | |||||
| CVE-2019-17491 | 1 Jnoj | 1 Jiangnan Online Judge | 2019-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. | |||||
| CVE-2019-17489 | 1 Jnoj | 1 Jiangnan Online Judge | 2019-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. | |||||
| CVE-2019-17493 | 1 Jnoj | 1 Jiangnan Online Judge | 2019-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. | |||||
| CVE-2019-17239 | 1 Wpfactory | 1 Download Plugins And Themes From Dashboard | 2019-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues. | |||||
| CVE-2015-9453 | 1 K-78 | 1 Broken Link Manager | 2019-10-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. | |||||
| CVE-2019-17071 | 1 Realbigplugins | 1 Client Dash | 2019-10-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS. | |||||
| CVE-2019-0369 | 1 Sap | 1 Financial Consolidation | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability. | |||||
| CVE-2019-17433 | 1 Laravel-admin | 1 Laravel-admin | 2019-10-10 | 3.5 LOW | 4.8 MEDIUM |
| z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. | |||||
| CVE-2019-11651 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2019-10-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests. | |||||
| CVE-2019-17434 | 1 Lavalite | 1 Lavalite | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. | |||||
| CVE-2019-0374 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting | |||||
| CVE-2019-0375 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. | |||||
| CVE-2019-0376 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. | |||||
| CVE-2019-0377 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. | |||||
| CVE-2019-0378 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. | |||||
| CVE-2019-11212 | 1 Tibco | 1 Master Data Management | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0. | |||||
| CVE-2019-9919 | 1 Harmistechnology | 1 Je Messenger | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. | |||||
| CVE-2019-8987 | 1 Tibco | 2 Data Science For Aws, Spotfire Data Science | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | |||||
| CVE-2019-6159 | 1 Lenovo | 30 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs22v and 27 more | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected. | |||||
| CVE-2019-7000 | 1 Avaya | 1 Aura Conferencing | 2019-10-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. | |||||
| CVE-2019-6562 | 1 Philips | 1 Tasy Emr | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. | |||||
| CVE-2019-6565 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. | |||||
| CVE-2019-6835 | 1 Schneider-electric | 8 Meg6260-0410, Meg6260-0410 Firmware, Meg6260-0415 and 5 more | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page. | |||||
| CVE-2019-6180 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | |||||
| CVE-2019-6181 | 1 Lenovo | 1 Xclarity Administrator | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | |||||
| CVE-2019-4149 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415. | |||||
| CVE-2019-4495 | 1 Ibm | 1 Jazz Reporting Service | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164116. | |||||
| CVE-2019-4070 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015. | |||||
| CVE-2019-4497 | 1 Ibm | 1 Jazz Reporting Service | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118. | |||||
| CVE-2019-4029 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907. | |||||
| CVE-2019-4030 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946. | |||||
| CVE-2019-4033 | 1 Ibm | 1 Content Navigator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155999. | |||||
| CVE-2019-4148 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158414. | |||||
| CVE-2019-4027 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905. | |||||
| CVE-2019-4028 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906. | |||||
| CVE-2019-4040 | 1 Ibm | 1 I | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164. | |||||
| CVE-2019-4073 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157107. | |||||
| CVE-2019-4074 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157108. | |||||
| CVE-2019-4075 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157109. | |||||
| CVE-2019-4076 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157110. | |||||
| CVE-2019-4077 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157111. | |||||
| CVE-2019-4083 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383. | |||||