Vulnerabilities (CVE)

CWE filter

CWE-79

Filter

10984 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-15913 2019-06-23 4.3
An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter...
CVE-2018-17146 1 Nagios 1 Nagios Xi 2019-06-23 3.5
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login...
CVE-2018-16249 1 B3log 1 Symphony 2019-06-21 3.5
In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script...
CVE-2018-16250 1 Creatiwity 1 Witycms 2019-06-21 3.5
The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first name" and "last name" parameters.
CVE-2018-16514 1 Mantisbt 1 Mantisbt 2019-06-21 2.6
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings...
CVE-2019-1875 1 Cisco 1 Prime Service Catalog 2019-06-21 3.5
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due...
CVE-2019-9701 1 Symantec 1 Data Loss Prevention 2019-06-21 3.5
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting...
CVE-2019-9763 1 Openfind 1 Mail2000 2019-06-21 4.3
An issue was discovered in Openfind Mail2000 v6 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this).
CVE-2019-11649 1 Microfocus 1 Fortify Software Security Center 2019-06-21 3.5
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in...
CVE-2017-8332 1 Securifi 3 Almond%2bfirmware, Almond 2015 Firmware, Almond Firmware 2019-06-21 6.5
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might...
CVE-2017-14395 2019-06-21 4.3
Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the...
CVE-2018-16248 1 B3log 1 Solo 2019-06-21 4.3
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an...
CVE-2018-16247 1 Yzmcms 1 Yzmcms 2019-06-20 3.5
YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter.
CVE-2019-12905 1 Afian 1 Filerun 2019-06-20 4.3
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI.
CVE-2019-12745 1 Seeddms 1 Seeddms 2019-06-20 3.5
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
CVE-2017-9390 1 Getvera 2 Veraedge Firmware, Veralite Firmware 2019-06-20 4.3
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to...
CVE-2017-9387 1 Getvera 2 Veraedge Firmware, Veralite Firmware 2019-06-20 3.5
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the...
CVE-2018-17079 1 Zrlog 1 Zrlog 2019-06-20 4.3
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.
CVE-2018-17423 1 E107 1 E107 2019-06-20 3.5
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.
CVE-2019-12830 1 Mybb 1 Mybb 2019-06-20 3.5
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.