Total
36961 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0269 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0262 | 1 Sap | 1 Businessobjects Bi Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0254 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0251 | 1 Sap | 1 Businessobjects | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0245 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0244 | 1 Sap | 3 Customer Relationship Management Webclient Ui, S4fnd, Sapscore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0238 | 1 Sap | 1 Hybris | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0234 | 1 Apache | 1 Roller | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3. | |||||
| CVE-2019-0224 | 1 Apache | 1 Jspwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser. | |||||
| CVE-2019-0221 | 1 Apache | 1 Tomcat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. | |||||
| CVE-2019-0218 | 1 Apache | 1 Pony Mail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface. | |||||
| CVE-2019-0216 | 1 Apache | 1 Airflow | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | |||||
| CVE-2019-0213 | 1 Apache | 1 Archiva | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised. | |||||
| CVE-2019-0186 | 1 Apache | 1 Pluto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file | |||||
| CVE-2019-0130 | 2 Intel, Lenovo | 9 Rapid Storage Technology Enterprise, Thinkstation P520, Thinkstation P520 Firmware and 6 more | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2019-0047 | 1 Juniper | 1 Junos | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue affects: Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86; 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2. | |||||
| CVE-2019-0027 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0026 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in the Zone configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0025 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0024 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||