Total: 26605 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20339 | 1 Zohocorp | 1 Manageengine Opmanager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. | |||||
CVE-2018-1794 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949. | |||||
CVE-2019-9142 | 1 B3log | 1 Symphony | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java. | |||||
CVE-2018-15973 | 1 Adobe | 1 Experience Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2019-0624 | 1 Microsoft | 1 Skype For Business | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype. | |||||
CVE-2018-1554 | 1 Ibm | 1 Maximo Asset Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891. | |||||
CVE-2018-0687 | 1 Neo | 2 Debun Imap, Debun Pop | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-13308 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. | |||||
CVE-2018-14905 | 1 3cx | 1 3cx Web Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. | |||||
CVE-2018-15313 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | |||||
CVE-2019-7413 | 1 Parallax Scroll Project | 1 Parallax Scroll | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. ("parallax" has a spelling change within the PHP filename.) | |||||
CVE-2018-1895 | 1 Ibm | 2 Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. | |||||
CVE-2018-16134 | 1 Cybrotech | 1 Cybrohttpserver | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. | |||||
CVE-2018-14975 | 1 Q-cms | 1 Qcms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. | |||||
CVE-2019-7172 | 1 Atutor | 1 Atutor | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | |||||
CVE-2018-20464 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address. | |||||
CVE-2018-13387 | 1 Atlassian | 2 Jira, Jira Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. | |||||
CVE-2019-0024 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
CVE-2018-6681 | 1 Mcafee | 1 Network Security Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface. | |||||
CVE-2018-7603 | 1 Search Autocomplete Project | 1 Search Autocomplete | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments. |