ReportizFlow
Filtered by vendor
Subscriptions
Total
40464 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0130 | 2 Intel, Lenovo | 9 Rapid Storage Technology Enterprise, Thinkstation P520, Thinkstation P520 Firmware and 6 more | 2024-11-21 | 7.4 High |
| Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2019-0047 | 1 Juniper | 1 Junos | 2024-11-21 | 8.8 High |
| A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue affects: Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86; 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2. | ||||
| CVE-2019-0027 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0026 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0025 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0024 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0023 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0018 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2018-9999 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A |
| In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend. | ||||
| CVE-2018-9997 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. | ||||
| CVE-2018-9993 | 1 Yunucms | 1 Yunucms | 2024-11-21 | N/A |
| YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). | ||||
| CVE-2018-9992 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. | ||||
| CVE-2018-9991 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. | ||||
| CVE-2018-9990 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A |
| In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead. | ||||
| CVE-2018-9987 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A |
| In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications. | ||||
| CVE-2018-9986 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A |
| In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. | ||||
| CVE-2018-9985 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | ||||
| CVE-2018-9928 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | ||||
| CVE-2018-9925 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. | ||||
| CVE-2018-9864 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. | ||||