Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-18350 | 1 Ant.design | 1 Ant Design Pro | 2019-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script. | |||||
CVE-2019-4459 | 1 Ibm | 1 Cloud Orchestrator | 2019-10-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656. | |||||
CVE-2019-4486 | 1 Ibm | 9 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 6 more | 2019-10-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. | |||||
CVE-2016-3101 | 1 Jenkins | 1 Extra Columns | 2019-10-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter. | |||||
CVE-2016-4988 | 1 Jenkins | 1 Build Failure Analyzer | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | |||||
CVE-2019-17581 | 1 Dormsystem Project | 1 Dormsystem | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
tonyy dormsystem through 1.3 allows DOM XSS. | |||||
CVE-2019-18415 | 1 Restaurant Management System Project | 1 Restaurant Management System | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen. | |||||
CVE-2019-18416 | 1 Restaurant Management System Project | 1 Restaurant Management System | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member. | |||||
CVE-2019-17606 | 1 Hexo-admin Project | 1 Hexo-admin | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post. | |||||
CVE-2019-18357 | 1 Thycotic | 1 Secret Server | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). | |||||
CVE-2019-18356 | 1 Thycotic | 1 Secret Server | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | |||||
CVE-2019-16976 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\destinations\destination_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS. | |||||
CVE-2019-16977 | 1 Fusionpbx | 1 Fusionpbx | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS. | |||||
CVE-2019-8085 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2019-8080 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation. | |||||
CVE-2019-8079 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2019-8078 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2015-9504 | 1 Weeklynews Theme Project | 1 Weeklynews Theme | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. | |||||
CVE-2019-8084 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2019-8083 | 1 Adobe | 1 Experience Manager | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||