Total
41073 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5467 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | ||||
| CVE-2019-5458 | 1 Http-file-server Project | 1 Http-file-server | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. | ||||
| CVE-2019-5457 | 1 Min-http-server Project | 1 Min-http-server | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in min-http-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. | ||||
| CVE-2019-5450 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 6.8 Medium |
| Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. | ||||
| CVE-2019-5422 | 1 Buttle Project | 1 Buttle | 2024-11-21 | N/A |
| XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server. | ||||
| CVE-2019-5403 | 1 Hp | 1 3par Storeserv Management Console | 2024-11-21 | N/A |
| A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | ||||
| CVE-2019-5401 | 1 Hp | 2 Hp2910al-48g, Hp2910al-48g Firmware | 2024-11-21 | N/A |
| A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017. | ||||
| CVE-2019-5398 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | N/A |
| A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | ||||
| CVE-2019-5397 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2024-11-21 | N/A |
| A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | ||||
| CVE-2019-5320 | 1 Arubanetworks | 12 2530, 2530 Firmware, 2540 and 9 more | 2024-11-21 | 6.1 Medium |
| Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code. | ||||
| CVE-2019-5311 | 1 Yunucms | 1 Yunucms | 2024-11-21 | N/A |
| An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter. | ||||
| CVE-2019-5310 | 1 Yunucms | 1 Yunucms | 2024-11-21 | N/A |
| YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. | ||||
| CVE-2019-5286 | 1 Huawei | 1 Hedex Lite | 2024-11-21 | N/A |
| There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007. | ||||
| CVE-2019-4749 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2024-11-21 | 5.4 Medium |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308. | ||||
| CVE-2019-4748 | 1 Ibm | 10 Collaborative Lifecycle Management, Doors Next, Engineering Lifecycle Manager and 7 more | 2024-11-21 | 5.4 Medium |
| IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174. | ||||
| CVE-2019-4747 | 1 Ibm | 2 Engineering Workflow Management, Rational Team Concert | 2024-11-21 | 5.4 Medium |
| IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887. | ||||
| CVE-2019-4746 | 1 Ibm | 2 Doors Next Generation, Rational Doors Next Generation | 2024-11-21 | 5.4 Medium |
| IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172885. | ||||
| CVE-2019-4744 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 6.1 Medium |
| IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172882. | ||||
| CVE-2019-4740 | 1 Ibm | 2 Doors Next Generation, Rational Doors Next Generation | 2024-11-21 | 5.4 Medium |
| IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172808. | ||||
| CVE-2019-4737 | 1 Ibm | 2 Doors Next Generation, Rational Doors Next Generation | 2024-11-21 | 5.4 Medium |
| IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172707. | ||||