Vulnerabilities (CVE)

CWE filter: CWE-79

13 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3709 1 Dell 1 Emc Isilonsd Management Server 2019-10-09 9.3
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in...
CVE-2019-3708 1 Dell 1 Emc Isilonsd Management Server 2019-10-09 9.3
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the...
CVE-2018-19222 1 Laobancms 1 Laobancms 2019-10-03 7.5
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.
CVE-2017-3557 1 Oracle 1 One-to-one Fulfillment 2019-10-03 7.8
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows...
CVE-2017-8898 1 Invisionpower 1 Invision Power Board 2019-10-03 7.5
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an...
CVE-2018-10369 1 Intelbras 1 Win 240 Firmware 2019-10-03 10.0
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.
CVE-2019-15318 2019-08-26 7.5
The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.
CVE-2019-6636 1 F5 2 Big-ip Advanced Firewall Manager, Big-ip Application Security Manager 2019-07-11 8.5
On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code...
CVE-2019-11982 1 Hp 2 Integrated Lights-out 4 Firmware, Integrated Lights-out 5 Firmware 2019-06-07 7.6
A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.
CVE-2018-18864 2018-12-31 9.3
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.
CVE-2008-0454 2 Microsoft, Skype Technologies 2 Ie, Skype 2018-10-15 9.3
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone...
CVE-2004-1875 1 Cpanel 1 Cpanel 2017-07-11 9.3
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to...
CVE-2007-3482 1 Apple 1 Safari 2008-11-15 7.8
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets...