Total
36932 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3770 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
| Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2019-3769 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
| Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | |||||
| CVE-2019-3761 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2019-3754 | 1 Dell | 4 Emc Unity Operating Environment, Emc Unityvsa Operating Environment, Emc Vnxe3200 and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2019-3747 | 1 Dell | 5 Emc Idpa Dp4400, Emc Idpa Dp5800, Emc Idpa Dp8300 and 2 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. | |||||
| CVE-2019-3709 | 1 Dell | 1 Emc Isilonsd Management Server | 2024-11-21 | 9.3 HIGH | 8.3 HIGH |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | |||||
| CVE-2019-3708 | 1 Dell | 1 Emc Isilonsd Management Server | 2024-11-21 | 9.3 HIGH | 8.3 HIGH |
| IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user. | |||||
| CVE-2019-3686 | 1 Suse | 1 Openqa | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security | |||||
| CVE-2019-3670 | 1 Mcafee | 1 Web Advisor | 2024-11-21 | 4.3 MEDIUM | 8.0 HIGH |
| Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack. | |||||
| CVE-2019-3638 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | |||||
| CVE-2019-3602 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML. | |||||
| CVE-2019-3591 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 4.3 MEDIUM | 3.9 LOW |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI. | |||||
| CVE-2019-3578 | 1 Mybb | 1 Mybb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MyBB 1.8.19 has XSS in the resetpassword function. | |||||
| CVE-2019-3562 | 1 Oculus | 1 Oculus Browser | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11. | |||||
| CVE-2019-3501 | 1 Ougc Awards Project | 1 Ougc Awards | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile. | |||||
| CVE-2019-3490 | 1 Microfocus | 1 Open Enterprise Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support. | |||||
| CVE-2019-3486 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | 4.3 MEDIUM | 4.6 MEDIUM |
| Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1 | |||||
| CVE-2019-3485 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | 4.3 MEDIUM | 4.6 MEDIUM |
| Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1 | |||||
| CVE-2019-3480 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. | |||||
| CVE-2019-3418 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. | |||||