| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-1665 |
1 Cisco |
1 Hyperflex Hx Data Platform |
2019-02-21 |
4.3 |
| A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected... |
| CVE-2019-5778 |
3 Google, Debian, Redhat |
5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more |
2019-02-21 |
4.3 |
| A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for... |
| CVE-2018-1947 |
|
|
2019-02-21 |
4.3 |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2019-8983 |
|
|
2019-02-21 |
4.3 |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). |
| CVE-2019-8984 |
|
|
2019-02-21 |
4.3 |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). |
| CVE-2018-20241 |
1 Atlassian |
2 Crucible, Fisheye |
2019-02-21 |
3.5 |
| The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter. |
| CVE-2018-8031 |
1 Apache |
1 Tomee |
2019-02-20 |
4.3 |
| The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE... |
| CVE-2018-19918 |
1 Cuppacms |
1 Cuppacms |
2019-02-20 |
3.5 |
| CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. |
| CVE-2018-19845 |
1 Get-simple |
1 Getsimple Cms |
2019-02-20 |
3.5 |
| There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. |
| CVE-2018-19844 |
1 Frogcms Project |
1 Frogcms |
2019-02-20 |
3.5 |
| FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. |
| CVE-2016-8751 |
1 Apache |
1 Ranger |
2019-02-20 |
3.5 |
| Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies. |
| CVE-2016-6800 |
1 Apache |
1 Ofbiz |
2019-02-20 |
4.3 |
| The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the... |
| CVE-2015-5454 |
1 Nucleuscms |
1 Nucleus Cms |
2019-02-20 |
4.3 |
| Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item. |
| CVE-2018-12409 |
1 Tibco |
1 Silver Fabric |
2019-02-20 |
4.3 |
| The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and... |
| CVE-2019-8331 |
|
|
2019-02-20 |
4.3 |
| In Bootstrap before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. |
| CVE-2016-1000220 |
1 Elasticsearch |
1 Kibana |
2019-02-20 |
4.3 |
| Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. |
| CVE-2018-20240 |
1 Atlassian |
2 Crucible, Fisheye |
2019-02-20 |
3.5 |
| The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter. |
| CVE-2016-0926 |
1 Pivotal Software |
1 Cloud Foundry Elastic Runtime |
2019-02-20 |
4.3 |
| Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly... |
| CVE-2019-1003013 |
1 Jenkins |
1 Blue Ocean |
2019-02-20 |
3.5 |
| An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java,... |
| CVE-2018-19906 |
1 Razorcms |
1 Razorcms |
2019-02-20 |
3.5 |
| Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. |
