Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1827 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150430. | |||||
CVE-2018-1892 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152156. | |||||
CVE-2018-1893 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152157. | |||||
CVE-2018-1828 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150431. | |||||
CVE-2019-13564 | 1 Pingidentity | 1 Agentless Integration Kit | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in Ping Identity Agentless Integration Kit before 1.5. | |||||
CVE-2019-10346 | 1 Jenkins | 1 Embeddable Build Status | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers to inject arbitrary HTML and JavaScript into the response of this plugin. | |||||
CVE-2019-10349 | 1 Jenkins | 1 Dependency Graph Viewer | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | |||||
CVE-2019-11825 | 1 Synology | 1 Calendar | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
CVE-2019-11828 | 1 Synology | 1 Office | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-7185 | 1 Qnap | 2 Music Station, Qts | 2023-01-30 | 3.5 LOW | 4.8 MEDIUM |
This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions. | |||||
CVE-2019-11827 | 1 Synology | 1 Note Station | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in Synology Note Station before 2.5.3-0863 allows remote attackers to inject arbitrary web script or HTML via the object_id parameter. | |||||
CVE-2019-13414 | 1 Boiteasite | 1 Rencontre | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php. | |||||
CVE-2019-13505 | 1 Dwbooster | 1 Appointment Hour Booking | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. | |||||
CVE-2019-7184 | 1 Qnap | 2 Qts, Video Station | 2023-01-30 | 3.5 LOW | 4.8 MEDIUM |
This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. | |||||
CVE-2022-35224 | 1 Sap | 1 Enterprise Portal | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of the victim's web browser session. | |||||
CVE-2022-29413 | 1 Hermit Project | 1 Hermit | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. | |||||
CVE-2020-6324 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP Netweaver AS ABAP (BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send a polluted URL to the victim; when the victim clicks on this URL, the attacker can read and modify the information available in the victim's browser, leading to Reflected Cross Site Scripting. | |||||
CVE-2019-15833 | 1 Simple Mail Address Encoder Project | 1 Simple Mail Address Encoder | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. | |||||
CVE-2022-25630 | 1 Symantec | 1 Messaging Gateway | 2023-01-30 | N/A | 5.4 MEDIUM |
An authenticated user can embed malicious content with XSS into the admin group policy page. | |||||
CVE-2012-0767 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2023-01-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012. |