Vulnerabilities (CVE)

CWE filter: CWE-79

10669 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1719 1 Cisco 1 Identity Services Engine 2019-04-18 3.5
A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The...
CVE-2018-13809 1 Siemens 2 Cp 1604 Firmware, Cp 1616 Firmware 2019-04-18 4.3
A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into...
CVE-2019-5778 4 Google, Debian, Redhat and 1 more 6 Chrome, Debian Linux, Enterprise Linux Desktop and 3 more 2019-04-18 4.3
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for...
CVE-2018-19498 1 Simplenia 1 Pages 2019-04-17 4.3
The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS.
CVE-2019-3709 1 Dell 1 Emc Isilonsd Management Server 2019-04-17 4.3
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in...
CVE-2019-3708 1 Dell 1 Emc Isilonsd Management Server 2019-04-17 4.3
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the...
CVE-2017-15294 1 Sap 1 Customer Relationship Management 2019-04-17 4.3
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
CVE-2018-10680 1 Zblogcn 1 Z-blogphp 2019-04-17 4.3
** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php...
CVE-2018-7736 1 Zblogcn 1 Z-blogphp 2019-04-16 4.3
** DISPUTED ** In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability.
CVE-2016-7103 1 Jquery 2 Jquery-ui, Jquery Ui 2019-04-16 4.3
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
CVE-2016-5005 1 Apache 1 Archiva 2019-04-16 3.5
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.
CVE-2011-4969 1 Jquery 1 Jquery 2019-04-16 4.3
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CVE-2018-11208 1 Zblogcn 1 Z-blogphp 2019-04-16 3.5
** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the...
CVE-2018-12653 1 Myadrenalin 1 Adrenalin 2019-04-16 4.3
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
CVE-2018-1688 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2019-04-16 3.5
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
CVE-2019-11025 1 Cacti 1 Cacti 2019-04-16 3.5
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
CVE-2018-16967 1 File Manager Project 1 File Manager 2019-04-16 4.3
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
CVE-2018-1913 2019-04-16 3.5
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2018-18017 1 Tribulant 1 Slideshow Gallery 2019-04-16 4.3
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
CVE-2018-18019 1 Tribulant 1 Slideshow Gallery 2019-04-16 4.3
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.