| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-1719 |
1 Cisco |
1 Identity Services Engine |
2019-04-18 |
3.5 |
| A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The... |
| CVE-2018-13809 |
1 Siemens |
2 Cp 1604 Firmware, Cp 1616 Firmware |
2019-04-18 |
4.3 |
| A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into... |
| CVE-2019-5778 |
4 Google, Debian, Redhat and 1 more |
6 Chrome, Debian Linux, Enterprise Linux Desktop and 3 more |
2019-04-18 |
4.3 |
| A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for... |
| CVE-2018-19498 |
1 Simplenia |
1 Pages |
2019-04-17 |
4.3 |
| The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS. |
| CVE-2019-3709 |
1 Dell |
1 Emc Isilonsd Management Server |
2019-04-17 |
4.3 |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in... |
| CVE-2019-3708 |
1 Dell |
1 Emc Isilonsd Management Server |
2019-04-17 |
4.3 |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the... |
| CVE-2017-15294 |
1 Sap |
1 Customer Relationship Management |
2019-04-17 |
4.3 |
| The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. |
| CVE-2018-10680 |
1 Zblogcn |
1 Z-blogphp |
2019-04-17 |
4.3 |
| ** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php... |
| CVE-2018-7736 |
1 Zblogcn |
1 Z-blogphp |
2019-04-16 |
4.3 |
| ** DISPUTED ** In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability. |
| CVE-2016-7103 |
1 Jquery |
2 Jquery-ui, Jquery Ui |
2019-04-16 |
4.3 |
| Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. |
| CVE-2016-5005 |
1 Apache |
1 Archiva |
2019-04-16 |
3.5 |
| Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action. |
| CVE-2011-4969 |
1 Jquery |
1 Jquery |
2019-04-16 |
4.3 |
| Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. |
| CVE-2018-11208 |
1 Zblogcn |
1 Z-blogphp |
2019-04-16 |
3.5 |
| ** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the... |
| CVE-2018-12653 |
1 Myadrenalin |
1 Adrenalin |
2019-04-16 |
4.3 |
| A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter. |
| CVE-2018-1688 |
1 Ibm |
7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more |
2019-04-16 |
3.5 |
| IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2019-11025 |
1 Cacti |
1 Cacti |
2019-04-16 |
3.5 |
| In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. |
| CVE-2018-16967 |
1 File Manager Project |
1 File Manager |
2019-04-16 |
4.3 |
| There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. |
| CVE-2018-1913 |
|
|
2019-04-16 |
3.5 |
| IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2018-18017 |
1 Tribulant |
1 Slideshow Gallery |
2019-04-16 |
4.3 |
| XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. |
| CVE-2018-18019 |
1 Tribulant |
1 Slideshow Gallery |
2019-04-16 |
4.3 |
| XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. |
