Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12167 | 1 Emerson | 2 Liebert Challenger, Liebert Challenger Firmware | 2019-05-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter. | |||||
| CVE-2018-19614 | 1 Westermo | 6 Dr-250, Dr-250 Firmware, Dr-260 and 3 more | 2019-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers. | |||||
| CVE-2017-11560 | 1 Zohocorp | 1 Manageengine Opmanager | 2019-05-24 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application. | |||||
| CVE-2017-13668 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 3.5 LOW | 5.4 MEDIUM |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2017-15030 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2017-17061 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 3.5 LOW | 5.4 MEDIUM |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2019-12189 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field. | |||||
| CVE-2017-5213 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2019-10077 | 1 Apache | 1 Jspwiki | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. | |||||
| CVE-2019-10076 | 1 Apache | 1 Jspwiki | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. | |||||
| CVE-2019-10078 | 1 Apache | 1 Jspwiki | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable. | |||||
| CVE-2018-7202 | 1 Projectsend | 1 Projectsend | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. | |||||
| CVE-2017-5864 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2017-9808 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | |||||
| CVE-2019-6577 | 1 Siemens | 22 Simatic Hmi Comfort Outdoor Panels, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Comfort Panels and 19 more | 2019-05-22 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known. | |||||
| CVE-2019-10066 | 1 Otrs | 1 Otrs | 2019-05-22 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS. | |||||
| CVE-2018-7064 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2019-05-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 | |||||
| CVE-2019-3602 | 1 Mcafee | 1 Network Security Manager | 2019-05-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML. | |||||
| CVE-2019-12184 | 1 Boostio | 1 Boostnote | 2019-05-20 | 3.5 LOW | 5.4 MEDIUM |
| There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136. | |||||
| CVE-2019-11205 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2019-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0. | |||||