Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4249 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647. | |||||
| CVE-2019-4083 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157383. | |||||
| CVE-2019-4077 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157111. | |||||
| CVE-2019-4075 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157109. | |||||
| CVE-2019-4238 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464. | |||||
| CVE-2019-4074 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157108. | |||||
| CVE-2019-4073 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157107. | |||||
| CVE-2019-4040 | 1 Ibm | 1 I | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 156164. | |||||
| CVE-2019-4028 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906. | |||||
| CVE-2019-4027 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905. | |||||
| CVE-2019-4237 | 1 Ibm | 3 Infosphere Information Governance Catalog, Infosphere Information Server, Infosphere Information Server On Cloud | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419. | |||||
| CVE-2019-5458 | 1 Http-file-server Project | 1 Http-file-server | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. | |||||
| CVE-2019-4157 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. | |||||
| CVE-2019-4571 | 1 Ibm | 1 Content Navigator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721. | |||||
| CVE-2019-5471 | 1 Gitlab | 1 Gitlab | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6. | |||||
| CVE-2019-4564 | 1 Ibm | 1 Security Key Lifecycle Manager | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2019-4482 | 1 Ibm | 1 Emptoris Spend Analysis | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066. | |||||
| CVE-2019-4148 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158414. | |||||
| CVE-2019-4070 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015. | |||||
| CVE-2019-4211 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159131. | |||||
| CVE-2019-4542 | 1 Ibm | 1 Security Directory Server | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815. | |||||
| CVE-2019-4497 | 1 Ibm | 1 Jazz Reporting Service | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118. | |||||
| CVE-2019-5457 | 1 Min-http-server Project | 1 Min-http-server | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. | |||||
| CVE-2019-4403 | 1 Ibm | 1 Connections | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264. | |||||
| CVE-2019-4029 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907. | |||||
| CVE-2019-4030 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946. | |||||
| CVE-2019-4136 | 1 Ibm | 1 Cognos Controller | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158332. | |||||
| CVE-2019-5467 | 1 Gitlab | 1 Gitlab | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | |||||
| CVE-2019-4495 | 1 Ibm | 1 Jazz Reporting Service | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164116. | |||||
| CVE-2019-4149 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415. | |||||
| CVE-2019-4011 | 1 Ibm | 1 Bigfix Platform | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885. | |||||
| CVE-2019-3776 | 1 Pivotal Software | 1 Operations Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser. | |||||
| CVE-2019-3872 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks. | |||||
| CVE-2019-3754 | 1 Dell | 4 Emc Unity Operating Environment, Emc Unityvsa Operating Environment, Emc Vnxe3200 and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2019-3413 | 1 Zte | 2 Netnumen Dap, Netnumen Dap Firmware | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked. | |||||
| CVE-2019-3747 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2019-3708 | 1 Dell | 1 Emc Isilonsd Management Server | 2019-10-09 | 9.3 HIGH | 9.6 CRITICAL |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | |||||
| CVE-2019-3709 | 1 Dell | 1 Emc Isilonsd Management Server | 2019-10-09 | 9.3 HIGH | 9.6 CRITICAL |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | |||||
| CVE-2019-3889 | 1 Redhat | 1 Openshift Container Platform | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link. | |||||
| CVE-2019-3911 | 1 Labkey | 1 Labkey Server | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints. | |||||
| CVE-2019-3562 | 1 Oculus | 1 Oculus Browser | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11. | |||||
| CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | |||||
| CVE-2019-3418 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. | |||||
| CVE-2019-1777 | 1 Cisco | 1 Registered Envelope Service | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by sending an email with a malicious payload to another user. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability affects software versions 5.3.4.x. | |||||
| CVE-2019-1792 | 1 Cisco | 1 Umbrella | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This vulnerability has been fixed in the current version of Cisco Umbrella. Cisco Umbrella is a cloud service. | |||||
| CVE-2019-1875 | 1 Cisco | 1 Prime Service Catalog | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by adding specific strings to multiple configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | |||||
| CVE-2019-1802 | 1 Cisco | 1 Firepower Management Center | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user to access a report containing malicious content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions 6.2.3, 6.3.0, and 6.4.0 are affected. | |||||
| CVE-2019-1852 | 1 Cisco | 1 Network Registrar | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | |||||
| CVE-2019-1956 | 1 Cisco | 2 Spa112 2-port Phone Adapter, Spa112 2-port Phone Adapter Firmware | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected device. An attacker could exploit this vulnerability by inserting malicious code in one of the configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2019-1882 | 1 Cisco | 1 Industrial Network Director | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to conduct XSS attacks. | |||||