| CVE | Vendors | Products | Updated | CVSS | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-3709 | 1 Dell | 1 Emc Isilonsd Management Server | 2019-10-09 | 9.3 | IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in... |
| CVE-2019-3708 | 1 Dell | 1 Emc Isilonsd Management Server | 2019-10-09 | 9.3 | IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the... |
| CVE-2018-19222 | 1 Laobancms | 1 Laobancms | 2019-10-03 | 7.5 | An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists. |
| CVE-2017-3557 | 1 Oracle | 1 One-to-one Fulfillment | 2019-10-03 | 7.8 | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows... |
| CVE-2017-8898 | 1 Invisionpower | 1 Invision Power Board | 2019-10-03 | 7.5 | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an... |
| CVE-2018-10369 | 1 Intelbras | 1 Win 240 Firmware | 2019-10-03 | 10.0 | A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. |
| CVE-2019-15318 | | | 2019-08-26 | 7.5 | The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field. |
| CVE-2019-6636 | 1 F5 | 2 Big-ip Advanced Firewall Manager, Big-ip Application Security Manager | 2019-07-11 | 8.5 | On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code... |
| CVE-2019-11982 | 1 Hp | 2 Integrated Lights-out 4 Firmware, Integrated Lights-out 5 Firmware | 2019-06-07 | 7.6 | A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. |
| CVE-2018-18864 | | | 2018-12-31 | 9.3 | Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. |
| CVE-2008-0454 | 2 Microsoft, Skype Technologies | 2 Ie, Skype | 2018-10-15 | 9.3 | Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone... |
| CVE-2004-1875 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 9.3 | Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to... |
| CVE-2007-3482 | 1 Apple | 1 Safari | 2008-11-15 | 7.8 | Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets... |