Vulnerabilities (CVE)

CWE filter: CWE-79

12018 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0375 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name...
CVE-2019-0376 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which...
CVE-2019-0377 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in...
CVE-2019-0378 1 Sap 1 Businessobjects Business Intelligence Platform 2019-10-10 3.5
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background...
CVE-2019-12695 1 Cisco 1 Firepower Threat Defense 2019-10-10 4.3
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack...
CVE-2019-10215 2019-10-10 4.3
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
CVE-2019-11212 1 Tibco 1 Master Data Management 2019-10-10 3.5
The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software...
CVE-2019-7671 1 Primasystems 1 Flexair 2019-10-10 3.5
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user's browser session in context of an affected site.
CVE-2019-1578 1 Paloaltonetworks 1 Minemeld 2019-10-10 4.3
Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary...
CVE-2019-11649 1 Microfocus 1 Fortify Software Security Center 2019-10-10 3.5
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in...
CVE-2019-0316 1 Sap 1 Netweaver Process Integration 2019-10-10 3.5
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data...
CVE-2018-7827 2019-10-10 3.5
A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user's browser session.
CVE-2018-19615 1 Rockwellautomation 1 Powermonitor 1000 Firmware 2019-10-10 4.3
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain access to the affected device.
CVE-2016-5819 2019-10-10 4.3
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user's...
CVE-2006-0706 1 Gastebuch 1 Gastebuch 2019-10-10 4.3
Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter.
CVE-2019-9919 1 Harmistechnology 1 Je Messenger 2019-10-09 N/A
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS.
CVE-2019-8987 1 Tibco 2 Data Science For Aws, Spotfire Data Science 2019-10-09 N/A
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all...
CVE-2019-7000 1 Avaya 1 Aura Conferencing 2019-10-09 5.8
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14...
CVE-2019-6835 2019-10-09 3.5
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus,...
CVE-2019-6565 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 4.3
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.