Vulnerabilities (CVE)

Filtered by CWE-79
Total 39597 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3686 1 Suse 1 Openqa 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameters. This was reported through the bug bounty program of Offensive Security.
CVE-2019-3670 1 Mcafee 1 Web Advisor 2024-11-21 4.3 MEDIUM 8.0 HIGH
Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows a remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack.
CVE-2019-3638 1 Mcafee 1 Web Gateway 2024-11-21 4.3 MEDIUM 8.1 HIGH
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.
CVE-2019-3602 1 Mcafee 1 Network Security Manager 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.
CVE-2019-3591 2 Mcafee, Microsoft 2 Data Loss Prevention Endpoint, Windows 2024-11-21 4.3 MEDIUM 3.9 LOW
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows an unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI.
CVE-2019-3562 1 Oculus 1 Oculus Browser 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11.
CVE-2019-3501 1 Ougc Awards Project 1 Ougc Awards 2024-11-21 3.5 LOW 4.8 MEDIUM
The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile.
CVE-2019-3490 1 Microfocus 1 Open Enterprise Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.
CVE-2019-3486 1 Hp 1 Arcsight Management Center 2024-11-21 4.3 MEDIUM 4.6 MEDIUM
Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1.
CVE-2019-3485 1 Hp 1 Arcsight Logger 2024-11-21 4.3 MEDIUM 4.6 MEDIUM
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1.
CVE-2019-3480 1 Hp 1 Arcsight Logger 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.
CVE-2019-3418 1 Zte 2 Zxhn F670, Zxhn F670 Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.
CVE-2019-3414 1 Zte 2 Otcp, Otcp Firmware 2024-11-21 2.3 LOW 4.8 MEDIUM
All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front end does not process the returned result from the interface properly, the malicious script may be executed and the user cookie or other important information may be stolen.
CVE-2019-3413 1 Zte 2 Netnumen Dap, Netnumen Dap Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
All versions up to V20.18.40.R7.B1 of ZTE NetNumen DAP product have an XSS vulnerability. This is due to the lack of correct validation of client data in web applications, which results in users being hijacked.
CVE-2019-3402 1 Atlassian 2 Jira, Jira Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
CVE-2019-3400 1 Atlassian 1 Jira Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter.
CVE-2019-2413 1 Oracle 1 Reports Developer 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVE-2019-25156 1 Dstar2018 1 Agency 2024-11-21 4.0 MEDIUM 3.5 LOW
A vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is named 975b56953efabb434519d9feefcc53685fb8d0ab. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-244495.
CVE-2019-25148 1 Codemiq 1 Wp Html Mail 2024-11-21 N/A 6.1 MEDIUM
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.
CVE-2019-25147 1 Prettylinks 1 Pretty Links 2024-11-21 N/A 7.2 HIGH
The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.