| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-15913 |
|
|
2019-06-23 |
4.3 |
| An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter... |
| CVE-2018-17146 |
1 Nagios |
1 Nagios Xi |
2019-06-23 |
3.5 |
| A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login... |
| CVE-2018-16249 |
1 B3log |
1 Symphony |
2019-06-21 |
3.5 |
| In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script... |
| CVE-2018-16250 |
1 Creatiwity |
1 Witycms |
2019-06-21 |
3.5 |
| The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first name" and "last name" parameters. |
| CVE-2018-16514 |
1 Mantisbt |
1 Mantisbt |
2019-06-21 |
2.6 |
| A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings... |
| CVE-2019-1875 |
1 Cisco |
1 Prime Service Catalog |
2019-06-21 |
3.5 |
| A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due... |
| CVE-2019-9701 |
1 Symantec |
1 Data Loss Prevention |
2019-06-21 |
3.5 |
| DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting... |
| CVE-2019-9763 |
1 Openfind |
1 Mail2000 |
2019-06-21 |
4.3 |
| An issue was discovered in Openfind Mail2000 v6 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this). |
| CVE-2019-11649 |
1 Microfocus |
1 Fortify Software Security Center |
2019-06-21 |
3.5 |
| Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in... |
| CVE-2017-8332 |
1 Securifi |
3 Almond%2bfirmware, Almond 2015 Firmware, Almond Firmware |
2019-06-21 |
6.5 |
| An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might... |
| CVE-2017-14395 |
|
|
2019-06-21 |
4.3 |
| Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the... |
| CVE-2018-16248 |
1 B3log |
1 Solo |
2019-06-21 |
4.3 |
| b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an... |
| CVE-2018-16247 |
1 Yzmcms |
1 Yzmcms |
2019-06-20 |
3.5 |
| YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter. |
| CVE-2019-12905 |
1 Afian |
1 Filerun |
2019-06-20 |
4.3 |
| FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. |
| CVE-2019-12745 |
1 Seeddms |
1 Seeddms |
2019-06-20 |
3.5 |
| out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field. |
| CVE-2017-9390 |
1 Getvera |
2 Veraedge Firmware, Veralite Firmware |
2019-06-20 |
4.3 |
| An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to... |
| CVE-2017-9387 |
1 Getvera |
2 Veraedge Firmware, Veralite Firmware |
2019-06-20 |
3.5 |
| An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the... |
| CVE-2018-17079 |
1 Zrlog |
1 Zrlog |
2019-06-20 |
4.3 |
| An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area. |
| CVE-2018-17423 |
1 E107 |
1 E107 |
2019-06-20 |
3.5 |
| An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. |
| CVE-2019-12830 |
1 Mybb |
1 Mybb |
2019-06-20 |
3.5 |
| In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue. |
