Export limit exceeded: 13715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45575 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45575 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3686 | 1 Suse | 1 Openqa | 2024-11-21 | 6.5 Medium |
| openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security | ||||
| CVE-2019-3670 | 1 Mcafee | 1 Web Advisor | 2024-11-21 | 8 High |
| Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | ||||
| CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 8.1 High |
| Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | ||||
| CVE-2019-3602 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML. | ||||
| CVE-2019-3591 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI. | ||||
| CVE-2019-3562 | 1 Oculus | 1 Oculus Browser | 2024-11-21 | N/A |
| A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11. | ||||
| CVE-2019-3501 | 1 Ougc Awards Project | 1 Ougc Awards | 2024-11-21 | N/A |
| The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile. | ||||
| CVE-2019-3497 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | ||||
| CVE-2019-3496 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | ||||
| CVE-2019-3495 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | ||||
| CVE-2019-3490 | 1 Microfocus | 1 Open Enterprise Server | 2024-11-21 | N/A |
| A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support. | ||||
| CVE-2019-3486 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | N/A |
| Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1 | ||||
| CVE-2019-3485 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | N/A |
| Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1 | ||||
| CVE-2019-3480 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | N/A |
| Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. | ||||
| CVE-2019-3418 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | 5.4 Medium |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. | ||||
| CVE-2019-3414 | 1 Zte | 2 Otcp, Otcp Firmware | 2024-11-21 | N/A |
| All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front end does not process the returned result from the interface properly, the malicious script may be executed and the user cookie or other important information may be stolen. | ||||
| CVE-2019-3413 | 1 Zte | 2 Netnumen Dap, Netnumen Dap Firmware | 2024-11-21 | N/A |
| All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked. | ||||
| CVE-2019-3402 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
| The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | ||||
| CVE-2019-3400 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 6.1 Medium |
| The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jql parameter. | ||||
| CVE-2019-2999 | 6 Canonical, Debian, Netapp and 3 more | 21 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 18 more | 2024-11-21 | 4.7 Medium |
| Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||