Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2644 | 1 Hp | 1 Systems Insight Manager | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2014-2640 | 1 Hp | 1 System Management Homepage | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4661 | 1 Hp | 1 Records Manager | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2647 | 1 Hp | 1 Operations Agent | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-10065 | 1 Remarkable Project | 1 Remarkable | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content. | |||||
| CVE-2014-1427 | 1 Canonical | 1 Metal As A Service | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. | |||||
| CVE-2013-6220 | 1 Hp | 1 Network Node Manager I | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4845 | 1 Hp | 2 Officejet Pro 8500, Officejet Pro 8500 Firmware | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4842 | 1 Hp | 2 Integrated Lights-out, Integrated Lights-out Firmware | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4833 | 1 Hp | 1 Service Manager | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4815 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4814 | 1 Hp | 1 Xp 9000 Command View | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2361 | 1 Hp | 1 System Management Homepage | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2364 | 1 Hp | 1 System Management Homepage | 2019-10-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2321 | 2 Hp, Microsoft | 2 Service Manager Web Tier, Windows | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2337 | 1 Hp | 2 Service Center, Service Manager | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5219 | 1 Hp | 1 Managed Printing Administration | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-5200 | 1 Hp | 2 Intelligent Management Center, Intelligent Management Center For Automated Network Manager | 2019-10-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-3251 | 1 Hp | 2 Service Center Web Tier, Service Manager Web Tier | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-3279 | 1 Hp | 1 Network Node Manager I | 2019-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2022 | 1 Hp | 1 Network Node Manager I | 2019-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2021 | 1 Hp | 1 Assetmanager | 2019-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2408 | 1 Hp | 1 Palm Webos | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Contacts application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2410 | 1 Hp | 1 Openview Performance Insight | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2409 | 1 Hp | 1 Palm Webos | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Calendar application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3003 | 1 Hp | 1 Insight Diagnostics | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-3012 | 1 Hp | 1 System Management Homepage | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error. | |||||
| CVE-2010-0449 | 1 Hp | 1 Soa Registry Foundation | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2010-1969 | 2 Hp, Microsoft | 2 Virtual Connect Enterprise Manager, Windows | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2010-1963 | 1 Hp | 1 Servicecenter | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1036 | 1 Hp | 1 Systems Insight Manager | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0452 | 1 Hp | 2 Hp-ux, Project And Portfolio Management Center | 2019-10-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-0780 | 2 Canonical, Mozilla | 3 Ubuntu Linux, Firefox, Seamonkey | 2019-10-09 | 6.8 MEDIUM | N/A |
| browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. | |||||
| CVE-2019-17384 | 1 Eleopard | 1 Animate It\! | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The animate-it plugin before 2.3.4 for WordPress has XSS. | |||||
| CVE-2019-17385 | 1 Eleopard | 1 Animate It\! | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The animate-it plugin before 2.3.5 for WordPress has XSS. | |||||
| CVE-2019-17378 | 1 Cpanel | 1 Cpanel | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526). | |||||
| CVE-2019-17379 | 1 Cpanel | 1 Cpanel | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527). | |||||
| CVE-2019-17377 | 1 Cpanel | 1 Cpanel | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524). | |||||
| CVE-2019-17376 | 1 Cpanel | 1 Cpanel | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521). | |||||
| CVE-2019-16416 | 1 Hrworks | 1 Hrworks | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| HRworks 3.36.9 allows XSS via the purpose of a travel-expense report. | |||||
| CVE-2019-16417 | 1 Hrworks | 1 Hrworks | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report. | |||||
| CVE-2019-6653 | 1 F5 | 1 Big-iq Centralized Management | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles. | |||||
| CVE-2019-17368 | 1 S-cms | 1 S-cms | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. | |||||
| CVE-2019-17380 | 1 Cpanel | 1 Cpanel | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). | |||||
| CVE-2019-16931 | 1 Themeisle | 1 Visualizer | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization. | |||||
| CVE-2019-15499 | 2 Apple, Hackmd | 2 Safari, Codimd | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. | |||||
| CVE-2019-4342 | 1 Ibm | 1 Cognos Analytics | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. | |||||
| CVE-2019-15750 | 1 Sitos | 1 Sitos Six | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2016-1144 | 1 Websquare | 1 Job-cube | 2019-10-08 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-11656 | 1 Hp | 1 Arcsight Logger | 2019-10-08 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | |||||