Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11982 | 1 Hp | 39 Integrated Lights-out 4 Firmware, Integrated Lights-out 5 Firmware, Proliant Bl460c Gen10 and 36 more | 2019-06-07 | 7.6 HIGH | 8.3 HIGH |
A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. | |||||
CVE-2018-8047 | 1 Vtiger | 1 Vtiger Crm | 2019-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter). | |||||
CVE-2019-3578 | 1 Mybb | 1 Mybb | 2019-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
MyBB 1.8.19 has XSS in the resetpassword function. | |||||
CVE-2018-8035 | 1 Apache | 1 Unstructured Information Management Architecture Distributed Uima Cluster Computing | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
This vulnerability relates to the user's browser processing of DUCC webpage input data. The JavaScript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user-supplied inputs, which may result in unintended execution of user-supplied JavaScript code. | |||||
CVE-2016-7469 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2019-06-06 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. | |||||
CVE-2019-12542 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter. | |||||
CVE-2019-12541 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter. | |||||
CVE-2019-12538 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field. | |||||
CVE-2019-12741 | 1 Fhir | 1 Hapi Fhir | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.) | |||||
CVE-2019-12543 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter. | |||||
CVE-2019-9647 | 1 Gilacms | 1 Gila Cms | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Gila CMS 1.9.1 has XSS. | |||||
CVE-2019-5588 | 1 Fortinet | 1 Fortios | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests. | |||||
CVE-2019-11226 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-06-05 | 3.5 LOW | 5.4 MEDIUM |
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News. | |||||
CVE-2019-11368 | 1 Auo | 1 Solar Data Recorder | 2019-06-05 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter. | |||||
CVE-2014-9094 | 1 Digitalzoomstudio | 1 Video Gallery | 2019-06-05 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter. | |||||
CVE-2019-12584 | 2 Apcupsd, Netgate | 2 Apcupsd, Pfsense | 2019-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. | |||||
CVE-2019-9838 | 1 Vfront | 1 Vfront | 2019-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering. | |||||
CVE-2019-9839 | 1 Vfront | 1 Vfront | 2019-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter. | |||||
CVE-2017-14850 | 1 Orpak | 1 Siteomat | 2019-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
All known versions of the Orpak SiteOmat web management console are vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him. | |||||
CVE-2019-11370 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2019-06-04 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. |