Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0375 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. | |||||
| CVE-2019-0376 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. | |||||
| CVE-2019-0377 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. | |||||
| CVE-2019-0378 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. | |||||
| CVE-2019-12695 | 1 Cisco | 12 Adaptive Security Appliance, Asa 5505, Asa 5510 and 9 more | 2019-10-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | |||||
| CVE-2019-11212 | 1 Tibco | 1 Master Data Management | 2019-10-10 | 3.5 LOW | 5.4 MEDIUM |
| The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0. | |||||
| CVE-2019-6159 | 1 Lenovo | 30 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs22v and 27 more | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected. | |||||
| CVE-2019-5422 | 1 Buttle Project | 1 Buttle | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server. | |||||
| CVE-2019-3754 | 1 Dell | 4 Emc Unity Operating Environment, Emc Unityvsa Operating Environment, Emc Vnxe3200 and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2019-3747 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2019-3709 | 1 Dell | 1 Emc Isilonsd Management Server | 2019-10-09 | 9.3 HIGH | 9.6 CRITICAL |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | |||||
| CVE-2019-3708 | 1 Dell | 1 Emc Isilonsd Management Server | 2019-10-09 | 9.3 HIGH | 9.6 CRITICAL |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | |||||
| CVE-2019-3562 | 1 Oculus | 1 Oculus Browser | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11. | |||||
| CVE-2019-3413 | 1 Zte | 2 Netnumen Dap, Netnumen Dap Firmware | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked. | |||||
| CVE-2019-3872 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks. | |||||
| CVE-2019-3776 | 1 Pivotal Software | 1 Operations Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser. | |||||
| CVE-2019-1870 | 1 Cisco | 1 Enterprise Chat And Email | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information. | |||||
| CVE-2019-1852 | 1 Cisco | 1 Network Registrar | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | |||||
| CVE-2019-1792 | 1 Cisco | 1 Umbrella | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This vulnerability has been fixed in the current version of Cisco Umbrella. Cisco Umbrella is a cloud service. | |||||
| CVE-2019-1827 | 1 Cisco | 4 Rv320, Rv320 Firmware, Rv325 and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. The vulnerability exists because the Online Help web service of an affected device insufficiently validates user-supplied input. An attacker could exploit this vulnerability by persuading a user of the service to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected service or access sensitive browser-based information.This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. | |||||