Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8159 | 1 Microsoft | 1 Exchange Server | 2019-10-02 | 5.8 MEDIUM | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | |||||
| CVE-2018-9078 | 1 Lenovo | 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file. | |||||
| CVE-2017-17062 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management. | |||||
| CVE-2015-9420 | 1 Mightymess | 1 Soundcloud Is Gold | 2019-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter. | |||||
| CVE-2019-11741 | 1 Mozilla | 1 Firefox | 2019-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69. | |||||
| CVE-2019-15810 | 1 Netdisco | 1 Netdisco | 2019-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter. | |||||
| CVE-2019-14752 | 1 Salesagility | 1 Suitecrm | 2019-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. | |||||
| CVE-2019-14952 | 1 Jetbrains | 1 Youtrack | 2019-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. | |||||
| CVE-2019-14953 | 2 Jetbrains, Mozilla | 2 Youtrack, Firefox | 2019-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. | |||||
| CVE-2019-14961 | 1 Jetbrains | 1 Upsource | 2019-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS. | |||||
| CVE-2015-9411 | 1 Gopostmatic | 1 Replyable | 2019-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Postmatic plugin before 1.4.6 for WordPress has XSS. | |||||
| CVE-2019-12562 | 1 Dnnsoftware | 1 Dotnetnuke | 2019-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. | |||||
| CVE-2019-16524 | 1 Status301 | 1 Easy Fancybox | 2019-10-01 | 3.5 LOW | 4.8 MEDIUM |
| The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter. | |||||
| CVE-2015-5008 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2013-0566 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5009 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-2862 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-3015 | 1 Ibm | 1 Cognos Analytics | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887. | |||||
| CVE-2016-3031 | 1 Ibm | 1 Cognos Analytics | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998887. | |||||
| CVE-2016-0217 | 1 Ibm | 1 Cognos Analytics | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||