Latest CVE Feed
- 5.4 MEDIUM CVE-2019-11370
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
- EPSS Score: %10.00
- Published: Jun. 03, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-11226
CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Article" under Content -> Content Manager -> News.
- Affected Products: cms_made_simple
- EPSS Score: %0.29
- Published: Jun. 05, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-10335
A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided o...
- Affected Products: electricflow
- EPSS Score: %0.07
- Published: Jun. 11, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-4403
IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IB...
- Affected Products: connections
- EPSS Score: %0.16
- Published: Jun. 14, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-18880
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.
- EPSS Score: %0.12
- Published: Jun. 18, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-18875
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php.
- EPSS Score: %0.12
- Published: Jun. 18, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-11649
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s br...
- Affected Products: fortify_software_security_center
- EPSS Score: %0.17
- Published: Jun. 19, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-16247
YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter.
- Affected Products: yzmcms
- EPSS Score: %0.26
- Published: Jun. 20, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-9957
Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the user...
- Affected Products: espressreport_es
- EPSS Score: %0.16
- Published: Jun. 24, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-1758
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...
- EPSS Score: %0.21
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-1760
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...
- EPSS Score: %0.21
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-1828
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...
- EPSS Score: %0.21
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2018-1893
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...
- EPSS Score: %0.21
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-4083
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona...
- EPSS Score: %0.28
- Published: Jun. 27, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-13072
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
- Affected Products: zoneminder
- EPSS Score: %0.27
- Published: Jun. 30, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2016-5236
Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature.
- Affected Products: websafe_alert_server
- EPSS Score: %0.25
- Published: Jul. 01, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-1010307
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is...
- Affected Products: glpi
- EPSS Score: %0.25
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-13645
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must h...
- Affected Products: firefly_iii
- EPSS Score: %0.21
- Published: Jul. 18, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-13646
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerabili...
- Affected Products: firefly_iii
- EPSS Score: %0.21
- Published: Jul. 18, 2019
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.
- Affected Products: syguestbook_a5
- EPSS Score: %0.21
- Published: Jul. 18, 2019
- Modified: Nov. 21, 2024