Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11846 | 1 Dotcms | 1 Dotcms | 2019-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| /servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XSS and HTML Injection. | |||||
| CVE-2019-11809 | 1 Joomla | 1 Joomla\! | 2019-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector. | |||||
| CVE-2018-1000078 | 2 Debian, Rubygems | 2 Debian Linux, Rubygems | 2019-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. | |||||
| CVE-2018-20242 | 1 Apache | 1 Jspwiki | 2019-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking. | |||||
| CVE-2019-0224 | 1 Apache | 1 Jspwiki | 2019-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser. | |||||
| CVE-2018-7117 | 1 Hp | 20 Integrated Lights-out 5 Firmware, Proliant Bl460c Gen10, Proliant Dl120 Gen10 and 17 more | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40. | |||||
| CVE-2019-5932 | 1 Cybozu | 1 Garoon | 2019-05-17 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'. | |||||
| CVE-2019-5940 | 1 Cybozu | 1 Garoon | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'. | |||||
| CVE-2019-5938 | 1 Cybozu | 1 Garoon | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'. | |||||
| CVE-2019-5939 | 1 Cybozu | 1 Garoon | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'. | |||||
| CVE-2019-5937 | 1 Cybozu | 1 Garoon | 2019-05-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information. | |||||
| CVE-2019-5947 | 1 Cybozu | 1 Garoon | 2019-05-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'. | |||||
| CVE-2019-5929 | 1 Cybozu | 1 Garoon | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'. | |||||
| CVE-2019-5928 | 1 Cybozu | 1 Garoon | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function. | |||||
| CVE-2019-8926 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource. | |||||
| CVE-2019-8937 | 1 Digitaldruid | 1 Hoteldruid | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. | |||||
| CVE-2019-8928 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName. | |||||
| CVE-2019-8927 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11. | |||||
| CVE-2019-8929 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype. | |||||
| CVE-2019-0963 | 1 Microsoft | 1 Sharepoint Foundation | 2019-05-17 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||