Vulnerabilities (CVE)

CWE filter

CWE-79

Filter

10461 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1665 1 Cisco 1 Hyperflex Hx Data Platform 2019-02-21 4.3
A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...
CVE-2019-5778 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-21 4.3
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for...
CVE-2018-1947 2019-02-21 4.3
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
CVE-2019-8983 2019-02-21 4.3
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
CVE-2019-8984 2019-02-21 4.3
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
CVE-2018-20241 1 Atlassian 2 Crucible, Fisheye 2019-02-21 3.5
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
CVE-2018-8031 1 Apache 1 Tomee 2019-02-20 4.3
The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE...
CVE-2018-19918 1 Cuppacms 1 Cuppacms 2019-02-20 3.5
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.
CVE-2018-19845 1 Get-simple 1 Getsimple Cms 2019-02-20 3.5
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.
CVE-2018-19844 1 Frogcms Project 1 Frogcms 2019-02-20 3.5
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.
CVE-2016-8751 1 Apache 1 Ranger 2019-02-20 3.5
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
CVE-2016-6800 1 Apache 1 Ofbiz 2019-02-20 4.3
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the...
CVE-2015-5454 1 Nucleuscms 1 Nucleus Cms 2019-02-20 4.3
Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.
CVE-2018-12409 1 Tibco 1 Silver Fabric 2019-02-20 4.3
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and...
CVE-2019-8331 2019-02-20 4.3
In Bootstrap before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2016-1000220 1 Elasticsearch 1 Kibana 2019-02-20 4.3
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
CVE-2018-20240 1 Atlassian 2 Crucible, Fisheye 2019-02-20 3.5
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
CVE-2016-0926 1 Pivotal Software 1 Cloud Foundry Elastic Runtime 2019-02-20 4.3
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly...
CVE-2019-1003013 1 Jenkins 1 Blue Ocean 2019-02-20 3.5
An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java,...
CVE-2018-19906 1 Razorcms 1 Razorcms 2019-02-20 3.5
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.