Latest CVE Feed
- 5.4 MEDIUM CVE-2018-1758
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...
- EPSS Score: 0.21%
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-1760
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...
- EPSS Score: 0.21%
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-1828
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...
- EPSS Score: 0.21%
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-1893
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...
- EPSS Score: 0.21%
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-4083
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona...
- EPSS Score: 0.28%
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-13072
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
- Affected Products: zoneminder
- EPSS Score: 0.27%
- Published: Jun. 30, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2016-5236
Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature.
- Affected Products: websafe_alert_server
- EPSS Score: 0.25%
- Published: Jul. 01, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-1010307
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is...
- Affected Products: glpi
- EPSS Score: 0.25%
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-13645
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must h...
- Affected Products: firefly_iii
- EPSS Score: 0.21%
- Published: Jul. 18, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-13646
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerabili...
- Affected Products: firefly_iii
- EPSS Score: 0.21%
- Published: Jul. 18, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.
- Affected Products: syguestbook_a5
- EPSS Score: 0.21%
- Published: Jul. 18, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-14297
Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.
- Affected Products: one_reporter
- EPSS Score: 0.18%
- Published: Jul. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-14298
Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.
- Affected Products: one_reporter
- EPSS Score: 0.18%
- Published: Jul. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-1105
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker ...
- Affected Products: outlook
- EPSS Score: 0.53%
- Published: Jul. 29, 2019
- Modified: May. 20, 2025
- 5.4 MEDIUM CVE-2019-1020005
invenio-communities before 1.0.0a20 allows XSS.
- Affected Products: invenio-communities
- EPSS Score: 0.21%
- Published: Jul. 29, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-11199
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vul...
- Affected Products: dolibarr_erp\/crm
- EPSS Score: 0.49%
- Published: Jul. 29, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-14386
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).
- Affected Products: cpanel
- EPSS Score: 0.30%
- Published: Jul. 30, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-14390
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).
- Affected Products: cpanel
- EPSS Score: 0.30%
- Published: Jul. 30, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-4285
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijac...
- Affected Products: websphere_application_server
- EPSS Score: 0.03%
- Published: Jul. 30, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-10360
A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
- EPSS Score: 0.12%
- Published: Jul. 31, 2019
- Modified: Nov. 21, 2024