Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16991 | 1 Fusionpbx | 1 Fusionpbx | 2023-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an unsanitized "file" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
| CVE-2019-4250 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2023-02-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159648. | |||||
| CVE-2019-4157 | 1 Ibm | 1 Security Access Manager | 2023-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. | |||||
| CVE-2022-44724 | 1 Stiltsoft | 1 Handy Macros For Confluence | 2023-02-03 | N/A | 5.4 MEDIUM |
| The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-7400 | 1 Rukovoditel | 1 Rukovoditel | 2023-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rukovoditel before 2.4.1 allows XSS. | |||||
| CVE-2019-4258 | 1 Ibm | 1 Sterling B2b Integrator | 2023-02-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159946. | |||||
| CVE-2019-9919 | 1 Harmistechnology | 1 Je Messenger | 2023-02-03 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. | |||||
| CVE-2022-44027 | 1 Netscout | 1 Ngeniusone | 2023-02-03 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6. | |||||
| CVE-2022-44025 | 1 Netscout | 1 Ngeniusone | 2023-02-03 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6. | |||||
| CVE-2022-44026 | 1 Netscout | 1 Ngeniusone | 2023-02-03 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6. | |||||
| CVE-2022-44029 | 1 Netscout | 1 Ngeniusone | 2023-02-03 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6. | |||||
| CVE-2022-44024 | 1 Netscout | 1 Ngeniusone | 2023-02-03 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6. | |||||
| CVE-2022-44028 | 1 Netscout | 1 Ngeniusone | 2023-02-03 | N/A | 6.1 MEDIUM |
| An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6. | |||||
| CVE-2019-4303 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2023-02-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949. | |||||
| CVE-2019-15510 | 1 Zohocorp | 1 Manageengine Desktop Central | 2023-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. | |||||
| CVE-2022-32209 | 3 Debian, Fedoraproject, Rubyonrails | 3 Debian Linux, Fedora, Rails Html Sanitizers | 2023-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| # Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user). | |||||
| CVE-2021-23414 | 2 Fedoraproject, Videojs | 2 Fedora, Video.js | 2023-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. | |||||
| CVE-2019-4070 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2023-02-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 157015. | |||||
| CVE-2019-11763 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2023-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | |||||
| CVE-2022-43497 | 1 Wordpress | 1 Wordpress | 2023-02-03 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. | |||||