Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34021 | 1 Resiot | 1 Iot Platform And Lorawan Network Server | 2022-10-14 | N/A | 5.4 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields. | |||||
| CVE-2022-35134 | 1 Boodskap | 1 Iot Platform | 2022-10-14 | N/A | 5.4 MEDIUM |
| Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-35612 | 1 Bevywise | 1 Mqttroute | 2022-10-14 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. | |||||
| CVE-2022-26874 | 2 Debian, Horde | 2 Debian Linux, Horde Mime Viewer | 2022-10-14 | 3.5 LOW | 5.4 MEDIUM |
| lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. | |||||
| CVE-2019-8987 | 1 Tibco | 2 Data Science For Aws, Spotfire Data Science | 2022-10-14 | 3.5 LOW | 5.4 MEDIUM |
| The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | |||||
| CVE-2019-8991 | 1 Tibco | 5 Activematrix Bpm, Activematrix Policy Director, Activematrix Service Bus and 2 more | 2022-10-14 | 6.8 MEDIUM | 8.8 HIGH |
| The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains multiple vulnerabilities that may allow for cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1. | |||||
| CVE-2022-41350 | 1 Zimbra | 1 Collaboration | 2022-10-14 | N/A | 6.1 MEDIUM |
| In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine. | |||||
| CVE-2022-41351 | 1 Zimbra | 1 Collaboration | 2022-10-14 | N/A | 6.1 MEDIUM |
| In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10). | |||||
| CVE-2019-5888 | 1 Overit | 1 Geocall | 2022-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977. | |||||
| CVE-2019-6002 | 1 Central Dogma Project | 1 Central Dogma | 2022-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-6180 | 1 Lenovo | 1 Xclarity Administrator | 2022-10-13 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | |||||
| CVE-2019-6181 | 1 Lenovo | 1 Xclarity Administrator | 2022-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. | |||||
| CVE-2019-7655 | 1 Wowza | 1 Streaming Engine | 2022-10-13 | 3.5 LOW | 5.4 MEDIUM |
| Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5. | |||||
| CVE-2020-10012 | 1 Apple | 2 Mac Os X, Macos | 2022-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack. | |||||
| CVE-2019-8625 | 2 Apple, Webkitgtk | 3 Icloud, Itunes, Webkitgtk\+ | 2022-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2019-8719 | 2 Apple, Webkitgtk | 3 Icloud, Itunes, Webkitgtk\+ | 2022-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2019-8813 | 2 Apple, Webkitgtk | 7 Icloud, Ipados, Iphone Os and 4 more | 2022-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2019-8674 | 2 Apple, Webkitgtk | 3 Iphone Os, Safari, Webkitgtk | 2022-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2019-8764 | 2 Apple, Webkitgtk | 2 Watchos, Webkitgtk\+ | 2022-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2019-7255 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2022-10-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Linear eMerge E3-Series devices allow XSS. | |||||