Total
44064 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4028 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 5.4 Medium |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155906. | ||||
| CVE-2019-4027 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 5.4 Medium |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 155905. | ||||
| CVE-2019-4011 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 5.4 Medium |
| IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885. | ||||
| CVE-2019-3966 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | ||||
| CVE-2019-3965 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | ||||
| CVE-2019-3964 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | ||||
| CVE-2019-3963 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | ||||
| CVE-2019-3962 | 1 Tenable | 1 Nessus | 2024-11-21 | N/A |
| Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration. | ||||
| CVE-2019-3961 | 1 Tenable | 1 Nessus | 2024-11-21 | N/A |
| Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browser session. | ||||
| CVE-2019-3958 | 1 Wallaceit | 1 Wallacepos | 2024-11-21 | N/A |
| Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction. | ||||
| CVE-2019-3926 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 9.8 Critical |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | ||||
| CVE-2019-3925 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-11-21 | 9.8 Critical |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | ||||
| CVE-2019-3923 | 1 Tenable | 1 Nessus | 2024-11-21 | N/A |
| Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session. Tenable has released Nessus 8.2.2 to address this issue. | ||||
| CVE-2019-3911 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints. | ||||
| CVE-2019-3889 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 5.4 Medium |
| A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11. An attacker could use this flaw to steal authorization data by getting them to click on a malicious link. | ||||
| CVE-2019-3873 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Single Sign On and 1 more | 2024-11-21 | N/A |
| It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks. | ||||
| CVE-2019-3872 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Single Sign On and 1 more | 2024-11-21 | N/A |
| It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks. | ||||
| CVE-2019-3865 | 1 Redhat | 1 Quay | 2024-11-21 | 6.1 Medium |
| A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name. | ||||
| CVE-2019-3847 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.8 Medium |
| A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf. | ||||
| CVE-2019-3826 | 2 Prometheus, Redhat | 3 Prometheus, Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. | ||||