Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1706 | 1 Ibm | 1 Spectrum Symphony | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341. | |||||
| CVE-2018-1513 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551. | |||||
| CVE-2018-1507 | 1 Ibm | 1 Rational Doors Next Generation | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415. | |||||
| CVE-2018-1246 | 1 Dell | 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2018-1534 | 1 Ibm | 1 Rational Publishing Engine | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142432. | |||||
| CVE-2018-1255 | 1 Emc | 1 Rsa Identity Governance And Lifecycle | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2018-1496 | 1 Ibm | 1 Content Navigator | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219. | |||||
| CVE-2018-1643 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144588 | |||||
| CVE-2018-1494 | 1 Ibm | 1 Rational Doors Next Generation | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141097. | |||||
| CVE-2018-1653 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726. | |||||
| CVE-2018-1483 | 1 Ibm | 1 Websphere Portal | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918. | |||||
| CVE-2018-1659 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885. | |||||
| CVE-2018-1686 | 1 Ibm | 1 Maximo Asset Management | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505. | |||||
| CVE-2018-1444 | 1 Ibm | 1 Websphere Portal | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139906. | |||||
| CVE-2018-1441 | 1 Ibm | 1 Monitoring | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597. | |||||
| CVE-2018-1440 | 1 Ibm | 1 Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139595. | |||||
| CVE-2018-1676 | 1 Ibm | 1 Planning Analytics Local | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118. | |||||
| CVE-2018-1439 | 1 Ibm | 1 Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139589. | |||||
| CVE-2018-1429 | 1 Ibm | 1 Mq Appliance | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139077. | |||||
| CVE-2018-1408 | 1 Ibm | 1 Rational Team Concert | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138446. | |||||
| CVE-2018-1407 | 1 Ibm | 1 Rational Team Concert | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138445. | |||||
| CVE-2018-1405 | 1 Ibm | 1 Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138441. | |||||
| CVE-2018-1422 | 1 Ibm | 1 Rational Doors Next Generation | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139025. | |||||
| CVE-2018-1404 | 1 Ibm | 1 Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138440. | |||||
| CVE-2018-1403 | 1 Ibm | 1 Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138439. | |||||
| CVE-2018-1396 | 1 Ibm | 1 Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138429. | |||||
| CVE-2018-1395 | 1 Ibm | 1 Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138427. | |||||
| CVE-2018-1394 | 1 Ibm | 6 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 3 more | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425. | |||||
| CVE-2018-1384 | 1 Ibm | 4 Business Process Manager, Business Process Manager Enterprise Service Bus, Websphere Enterprise Service Bus and 1 more | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135. | |||||
| CVE-2018-1390 | 1 Ibm | 1 Financial Transaction Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138221. | |||||
| CVE-2018-1673 | 1 Ibm | 1 Websphere Portal | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108. | |||||
| CVE-2018-1376 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777. | |||||
| CVE-2018-1347 | 1 Netiq | 1 Imanager | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting. | |||||
| CVE-2018-1667 | 1 Ibm | 1 Datapower Gateway | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893. | |||||
| CVE-2018-18813 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0. | |||||
| CVE-2018-18997 | 1 Abb | 4 Gate-e1, Gate-e1 Firmware, Gate-e2 and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser. | |||||
| CVE-2018-19006 | 1 Osisoft | 1 Pi Vision | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes. | |||||
| CVE-2018-18991 | 1 Spidercontrol | 1 Scada Webserver | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser. | |||||
| CVE-2018-18807 | 1 Tibco | 1 Statistica Server | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0. | |||||
| CVE-2018-18816 | 1 Tibco | 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi- Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. | |||||
| CVE-2018-18985 | 1 Tridium | 3 Niagara, Niagara Ax Framework, Niagara Enterprise Security | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality. | |||||
| CVE-2018-19644 | 1 Microfocus | 1 Solutions Business Manager | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-17904 | 1 Geovap | 1 Reliance 4 | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code. | |||||
| CVE-2018-16474 | 1 Tianma-static Project | 1 Tianma-static | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript. | |||||
| CVE-2018-16480 | 1 Public Project | 1 Public | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering. | |||||
| CVE-2018-16481 | 1 Html-pages Project | 1 Html-pages | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering. | |||||
| CVE-2018-16459 | 1 Exceljs Project | 1 Exceljs | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser. | |||||
| CVE-2018-16468 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | |||||
| CVE-2018-16484 | 1 M-server Project | 1 M-server | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names. | |||||
| CVE-2018-16555 | 1 Siemens | 8 Scalance S602, Scalance S602 Firmware, Scalance S612 and 5 more | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. | |||||