Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12409 | 1 Tibco | 1 Silver Fabric | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1. | |||||
| CVE-2016-0926 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework. | |||||
| CVE-2019-1000015 | 1 Chamilo | 1 Chamilo Lms | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies. A ticket can be created with a XSS payload in the subject field. This attack appears to be exploitable via <svg/onload=alert(1)> as the payload user on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03. | |||||
| CVE-2019-8435 | 1 Phpmywind | 1 Phpmywind | 2019-02-20 | 3.5 LOW | 4.8 MEDIUM |
| admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | |||||
| CVE-2019-8400 | 1 Ory | 1 Hydra | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. | |||||
| CVE-2019-0254 | 1 Sap | 1 Disclosure Management | 2019-02-20 | 3.5 LOW | 5.4 MEDIUM |
| SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0262 | 1 Sap | 1 Businessobjects Bi Platform | 2019-02-19 | 3.5 LOW | 5.4 MEDIUM |
| SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0251 | 1 Sap | 1 Businessobjects | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-8419 | 1 Vnote Project | 1 Vnote | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| VNote 2.2 has XSS via a new text note. | |||||
| CVE-2019-8935 | 1 O-dyn | 1 Collabtive | 2019-02-19 | 3.5 LOW | 5.4 MEDIUM |
| Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. | |||||
| CVE-2019-8436 | 1 Txjia | 1 Imcat | 2019-02-19 | 3.5 LOW | 5.4 MEDIUM |
| imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. | |||||
| CVE-2019-8911 | 1 Wtcms Project | 1 Wtcms | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code). | |||||
| CVE-2019-8426 | 1 Zoneminder | 1 Zoneminder | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. | |||||
| CVE-2019-8425 | 1 Zoneminder | 1 Zoneminder | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. | |||||
| CVE-2019-8434 | 1 Cmseasy | 1 Cmseasy | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. | |||||
| CVE-2019-8432 | 1 Cmseasy | 1 Cmseasy | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. | |||||
| CVE-2019-8363 | 1 Verydows | 1 Verydows | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | |||||
| CVE-2019-8361 | 1 Responsive Video News Script Project | 1 Responsive Video News Script | 2019-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | |||||
| CVE-2018-6906 | 1 Rainmachine | 1 Rainmachine Web Application | 2019-02-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. | |||||
| CVE-2019-6589 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. | |||||