Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-2314

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Mar, 2014 | 20:00
Updated At-06 Aug, 2024 | 10:06
Rejected At-
Credits

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Mar, 2014 | 20:00
Updated At:06 Aug, 2024 | 10:06
Rejected At:
▼CVE Numbering Authority (CNA)

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
x_refsource_CONFIRM
http://www.exploit-db.com/exploits/32725
exploit
x_refsource_EXPLOIT-DB
http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html
x_refsource_MISC
Hyperlink: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.exploit-db.com/exploits/32725
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
x_refsource_CONFIRM
x_transferred
http://www.exploit-db.com/exploits/32725
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html
x_refsource_MISC
x_transferred
Hyperlink: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/32725
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Mar, 2014 | 13:16
Updated At:12 Apr, 2025 | 10:46

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Atlassian
atlassian
>>jira>>Versions up to 6.0.3(inclusive)
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
Atlassian
atlassian
>>jira>>6.0
cpe:2.3:a:atlassian:jira:6.0:*:*:*:*:*:*:*
Atlassian
atlassian
>>jira>>6.0.1
cpe:2.3:a:atlassian:jira:6.0.1:*:*:*:*:*:*:*
Atlassian
atlassian
>>jira>>6.0.2
cpe:2.3:a:atlassian:jira:6.0.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Per: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26 "Issue 1: Path traversal in JIRA Issue Collector plugin (Windows only)"

Vendor Statements
References
HyperlinkSourceResource
http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.htmlcve@mitre.org
Exploit
http://www.exploit-db.com/exploits/32725cve@mitre.org
Exploit
https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26cve@mitre.org
Vendor Advisory
http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.exploit-db.com/exploits/32725af854a3a-2127-422b-91ae-364da2661108
Exploit
https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.exploit-db.com/exploits/32725
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.exploit-db.com/exploits/32725
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

804Records found
CVE-2017-2929
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-4.92% / 89.21%
||
7 Day CHG~0.00%
Published-24 Jan, 2017 | 07:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft Corporation
Product-acrobatwindowsAdobe Acrobat Extension for Chrome 15.1.0.3
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5319
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.51% / 65.31%
||
7 Day CHG~0.00%
Published-20 Aug, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.

Action-Not Available
Vendor-n/aAtlassian
Product-jiran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-42305
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-10.06% / 92.78%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 00:47
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 22Microsoft Exchange Server 2016 Cumulative Update 21Microsoft Exchange Server 2019 Cumulative Update 10
CVE-2017-3104
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.37% / 79.44%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft Corporation
Product-robohelpwindowsAdobe RoboHelp RH2017.0.1 and earlier versions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18090
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 45.07%
||
7 Day CHG~0.00%
Published-16 Feb, 2018 | 18:00
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a commit author.

Action-Not Available
Vendor-Atlassian
Product-fisheyeFisheye
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-43255
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.25% / 78.48%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:15
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Trust Center Spoofing Vulnerability

Microsoft Office Trust Center Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2016Microsoft Office LTSC 2021Microsoft Office 2013 Service Pack 1Microsoft Office 2019
CVE-2017-18098
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 45.07%
||
7 Day CHG~0.00%
Published-06 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18100
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 39.05%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 13:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters.

Action-Not Available
Vendor-n/aAtlassian
Product-jiran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18088
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 13:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.

Action-Not Available
Vendor-n/aAtlassian
Product-bitbucketn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18103
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-4.7||MEDIUM
EPSS-0.17% / 38.84%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.

Action-Not Available
Vendor-Atlassian
Product-http_libraryatlassian-http
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18085
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 42.62%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-17 Sep, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The viewdefaultdecorator resource in Atlassian Confluence Server before version 6.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the key parameter.

Action-Not Available
Vendor-Atlassian
Product-confluenceConfluence
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18033
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.21%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 14:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-16910
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-2.41% / 84.46%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:17
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Security Feature Bypass Vulnerability

<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p> <p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1709Windows 10 Version 1909Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2017-16864
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 45.23%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-41350
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.47% / 88.66%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:28
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 11Microsoft Exchange Server 2019 Cumulative Update 10Microsoft Exchange Server 2016 Cumulative Update 21Microsoft Exchange Server 2016 Cumulative Update 22
CVE-2017-18039
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 42.62%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-6229
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.71% / 71.41%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting.

Action-Not Available
Vendor-Apple Inc.Microsoft Corporation
Product-itunesiphone_ostvossafariwindowsicloudiTunes for WindowsiCloud for WindowsSafariiOStvOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3180
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-47.88% / 97.63%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sharepoint_serversharepoint_foundationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3648
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.54%
||
7 Day CHG~0.00%
Published-28 Jun, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.

Action-Not Available
Vendor-kent-webn/aMicrosoft Corporation
Product-post-mailinternet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3179
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-11.88% / 93.47%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sharepoint_servicessharepoint_serversharepoint_foundationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3649
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.54%
||
7 Day CHG~0.00%
Published-28 Jun, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.

Action-Not Available
Vendor-kent-webn/aMicrosoft Corporation
Product-internet_explorerclip-mailn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-16862
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.68%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-2408
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6.

Action-Not Available
Vendor-n/aOracle CorporationMicrosoft Corporation
Product-peoplesoft_productsinternet_explorern/a
CVE-2013-2321
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 69.21%
||
7 Day CHG~0.00%
Published-02 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windowsservice_manager_web_tiern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-1289
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-61.90% / 98.28%
||
7 Day CHG~0.00%
Published-09 Apr, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_web_appsinfopathgroove_serversharepoint_serversharepoint_foundationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-3591
Matching Score-8
Assigner-Trellix
ShareView Details
Matching Score-8
Assigner-Trellix
CVSS Score-3.9||LOW
EPSS-0.31% / 53.78%
||
7 Day CHG~0.00%
Published-24 Jul, 2019 | 14:30
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLP Endpoint ePO extension vulnerable to XSS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowsdata_loss_prevention_endpointData Loss Prevention ePO extension
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-0942
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.60%
||
7 Day CHG~0.00%
Published-22 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aThe Apache Software FoundationELAN Microelectronics CorporationMicrosoft Corporation
Product-http_serverinternet_information_serverrsa_authentication_agentn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-0083
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-37.87% / 97.10%
||
7 Day CHG~0.00%
Published-13 Mar, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sharepoint_serversharepoint_foundationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38492
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.20%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 00:03
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CVE-2013-0010
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-24.93% / 95.94%
||
7 Day CHG~0.00%
Published-09 Jan, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-system_center_operations_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39124
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.64%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 04:20
Updated-10 Oct, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request to bypass CSRF protection and replay a crafted request.

Action-Not Available
Vendor-Atlassian
Product-data_centerjiraJira ServerJira Data Center
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-3402
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-33.44% / 96.78%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 17:38
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-16860
Matching Score-8
Assigner-Atlassian
ShareView Details
Matching Score-8
Assigner-Atlassian
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 45.52%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 13:00
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.

Action-Not Available
Vendor-Atlassian
Product-application_linksApplication Links
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-2384
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-24.78% / 95.93%
||
7 Day CHG~0.00%
Published-13 Jun, 2006 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2006-2380
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-22.04% / 95.57%
||
7 Day CHG~0.00%
Published-13 Jun, 2006 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-38650
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-0.82% / 73.46%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Spoofing Vulnerability

Microsoft Office Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2016Microsoft Office 2013 Service Pack 1Microsoft Office 2019Microsoft Office 2019 for Mac
CVE-2012-4144
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 60.09%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Linux Kernel Organization, IncOpera
Product-mac_os_xopera_browserlinux_kernelwindowsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4015
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.20%
||
7 Day CHG~0.00%
Published-25 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry.

Action-Not Available
Vendor-mylittletoolsn/aMicrosoft Corporation
Product-mylittleadminsql_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-1626
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-52.30% / 97.83%
||
7 Day CHG~0.00%
Published-05 Apr, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36970
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-8.61% / 92.05%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:26
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Spoofing Vulnerability

Windows Print Spooler Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server version 20H2Windows Server 2012 (Server Core installation)Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2006-0032
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-66.59% / 98.47%
||
7 Day CHG~0.00%
Published-12 Sep, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-4681
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.26%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 15:20
Updated-16 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-solarislinux_kernelwindowsaixtivoli_netcool\/impactTivoli Netcool Impact
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2520
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-28.05% / 96.29%
||
7 Day CHG~0.00%
Published-09 Oct, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_web_appslyncsharepoint_serversharepoint_servicesoffice_communicatorgroove_serversharepoint_foundationinfopathn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2005-3967
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 59.31%
||
7 Day CHG~0.00%
Published-03 Dec, 2005 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.

Action-Not Available
Vendor-n/aAtlassian
Product-confluencen/a
CVE-2016-3299
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-7.34% / 91.32%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container protection mechanisms, and consequently render untrusted content in a browser, by leveraging how NetBIOS validates responses, aka "NetBIOS Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-284
Improper Access Control
CVE-2012-2536
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-44.36% / 97.47%
||
7 Day CHG~0.00%
Published-11 Sep, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-system_center_configuration_managersystems_management_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2444
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.92% / 75.03%
||
7 Day CHG~0.00%
Published-22 Sep, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCSun Microsystems (Oracle Corporation)Apple Inc.Adobe Inc.
Product-linux_kernelwindowsandroidflash_playersunosmac_os_xn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2552
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-57.73% / 98.08%
||
7 Day CHG~0.00%
Published-09 Oct, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sql_server_reporting_servicessql_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-1418
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.20% / 78.05%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2848
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.28%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site.

Action-Not Available
Vendor-n/aMicrosoft CorporationGoogle LLCApple Inc.Linux Kernel Organization, Inc
Product-mac_os_xwindowschromeframelinux_kerneln/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 16
  • 17
  • Next
Details not found