Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1715 | 1 Ibm | 1 Maximo Asset Management | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003. | |||||
| CVE-2018-1718 | 1 Ibm | 1 Sterling B2b Integrator | 2019-10-09 | 4.3 MEDIUM | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147166. | |||||
| CVE-2018-1728 | 1 Ibm | 1 Qradar Incident Forensics | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707. | |||||
| CVE-2018-1740 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419. | |||||
| CVE-2018-1556 | 1 Ibm | 2 Content Foundation, Filenet Content Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142893. | |||||
| CVE-2018-1554 | 1 Ibm | 1 Maximo Asset Management | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891. | |||||
| CVE-2018-1555 | 1 Ibm | 2 Content Foundation, Filenet Content Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892. | |||||
| CVE-2018-18991 | 1 Spidercontrol | 1 Scada Webserver | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser. | |||||
| CVE-2018-18813 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0. | |||||
| CVE-2018-17904 | 1 Geovap | 1 Reliance 4 | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code. | |||||
| CVE-2018-18985 | 1 Tridium | 3 Niagara, Niagara Ax Framework, Niagara Enterprise Security | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality. | |||||
| CVE-2018-19644 | 1 Microfocus | 1 Solutions Business Manager | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-18997 | 1 Abb | 4 Gate-e1, Gate-e1 Firmware, Gate-e2 and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser. | |||||
| CVE-2018-18816 | 1 Tibco | 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi- Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. | |||||
| CVE-2018-19006 | 1 Osisoft | 1 Pi Vision | 2019-10-09 | 3.5 LOW | 4.8 MEDIUM |
| OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes. | |||||
| CVE-2018-18807 | 1 Tibco | 1 Statistica Server | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0. | |||||
| CVE-2018-16484 | 1 M-server Project | 1 M-server | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names. | |||||
| CVE-2018-16555 | 1 Siemens | 8 Scalance S602, Scalance S602 Firmware, Scalance S612 and 5 more | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. | |||||
| CVE-2018-16474 | 1 Tianma-static Project | 1 Tianma-static | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript. | |||||
| CVE-2018-16468 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | |||||