Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-1565

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Feb, 2015 | 17:00
Updated At-17 Sep, 2024 | 02:15
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Feb, 2015 | 17:00
Updated At:17 Sep, 2024 | 02:15
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/62579
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/62584
third-party-advisory
x_refsource_SECUNIA
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-001/index.html
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/62579
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/62584
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-001/index.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/62579
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/62584
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-001/index.html
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/62579
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/62584
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-001/index.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Feb, 2015 | 17:59
Updated At:12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Hitachi, Ltd.
hitachi
>>device_manager>>Versions up to 8.1.1(inclusive)
cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*
Hitachi, Ltd.
hitachi
>>replication_manager>>Versions up to 8.1.1(inclusive)
cpe:2.3:a:hitachi:replication_manager:*:*:*:*:*:*:*:*
Hitachi, Ltd.
hitachi
>>tiered_storage_manager>>Versions up to 8.1.1(inclusive)
cpe:2.3:a:hitachi:tiered_storage_manager:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Novell
novell
>>opensuse>>*
cpe:2.3:o:novell:opensuse:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>*
cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
Hitachi, Ltd.
hitachi
>>compute_systems_manager>>Versions up to 7.6.1(inclusive)
cpe:2.3:a:hitachi:compute_systems_manager:*:*:*:*:*:*:*:*
Hitachi, Ltd.
hitachi
>>compute_systems_manager>>8.0.0
cpe:2.3:a:hitachi:compute_systems_manager:8.0.0:*:*:*:*:*:*:*
Hitachi, Ltd.
hitachi
>>compute_systems_manager>>8.1.0
cpe:2.3:a:hitachi:compute_systems_manager:8.1.0:*:*:*:*:*:*:*
Hitachi, Ltd.
hitachi
>>compute_systems_manager>>8.1.1
cpe:2.3:a:hitachi:compute_systems_manager:8.1.1:*:*:*:*:*:*:*
Hitachi, Ltd.
hitachi
>>global_link_manager>>Versions up to 8.1.1(inclusive)
cpe:2.3:a:hitachi:global_link_manager:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/62579cve@mitre.org
N/A
http://secunia.com/advisories/62584cve@mitre.org
N/A
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-001/index.htmlcve@mitre.org
Vendor Advisory
http://secunia.com/advisories/62579af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/62584af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-001/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://secunia.com/advisories/62579
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/62584
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-001/index.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/62579
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/62584
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-001/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

13138Records found
CVE-2015-1812
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 40.38%
||
7 Day CHG~0.00%
Published-16 Oct, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-2531
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-15.20% / 94.34%
||
7 Day CHG~0.00%
Published-09 Sep, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-skype_for_business_serverlync_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1632
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-6.64% / 90.82%
||
7 Day CHG~0.00%
Published-11 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1286
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.69% / 70.79%
||
7 Day CHG~0.00%
Published-23 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxenterprise_linux_workstation_supplementaryopensuseenterprise_linux_server_supplementarychromeenterprise_linux_server_supplementary_eusenterprise_linux_desktop_supplementaryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1757
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-12.41% / 93.64%
||
7 Day CHG~0.00%
Published-10 Jun, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-active_directory_federation_servicesn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1639
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-6.93% / 91.03%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1640
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-8.96% / 92.25%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-project_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1628
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-6.93% / 91.03%
||
7 Day CHG~0.00%
Published-11 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5961
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.23%
||
7 Day CHG~0.00%
Published-23 May, 2008 | 14:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-network_satelliten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5702
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.92% / 75.03%
||
7 Day CHG~0.00%
Published-29 Oct, 2007 | 22:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aNovell
Product-opensuse_swampn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-4760
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.19%
||
7 Day CHG~0.00%
Published-08 Sep, 2007 | 10:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably the same issue as CVE-2007-3503.

Action-Not Available
Vendor-n/aHitachi, Ltd.
Product-ucosminexus_application_server_enterpriseucosminexus_application_server_standarducosminexus_developer_standarducosminexus_service_platformn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0298
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.59%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-mod_clustern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-4557
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.48%
||
7 Day CHG~0.00%
Published-28 Aug, 2007 | 01:00
Updated-16 Sep, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.

Action-Not Available
Vendor-n/aNovell
Product-groupwise_webaccessn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1630
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-6.93% / 91.03%
||
7 Day CHG~0.00%
Published-11 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1653
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-8.96% / 92.25%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sharepoint_serversharepoint_foundationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-4040
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-16.60% / 94.66%
||
7 Day CHG~0.00%
Published-27 Jul, 2007 | 22:00
Updated-03 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-outlookoutlook_expressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-3954
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.22% / 78.28%
||
7 Day CHG~0.00%
Published-24 Jul, 2007 | 17:00
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-seamonkeyinternet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-3670
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-49.73% / 97.73%
||
7 Day CHG~0.00%
Published-10 Jul, 2007 | 19:00
Updated-07 Aug, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-firefoxinternet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-3760
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.18% / 77.90%
||
7 Day CHG~0.00%
Published-27 Sep, 2007 | 22:00
Updated-07 Aug, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-iphone_oswindows_vistasafariwindows_xpmac_os_xn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-3758
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.39% / 79.56%
||
7 Day CHG~0.00%
Published-27 Sep, 2007 | 22:00
Updated-07 Aug, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-iphone_oswindows_vistasafariwindows_xpmac_os_xn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1629
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-6.93% / 91.03%
||
7 Day CHG~0.00%
Published-11 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-3033
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-42.33% / 97.36%
||
7 Day CHG~0.00%
Published-14 Aug, 2007 | 22:00
Updated-07 Aug, 2024 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0072
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-88.55% / 99.48%
||
7 Day CHG~0.00%
Published-07 Feb, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-2400
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 53.14%
||
7 Day CHG~0.00%
Published-25 Jun, 2007 | 19:00
Updated-07 Aug, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-iphone_oswindows_vistasafariwindows_xpmac_os_xn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2007-2581
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-73.35% / 98.74%
||
7 Day CHG~0.00%
Published-09 May, 2007 | 21:00
Updated-07 Aug, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sharepoint_serversharepoint_serviceswindows_2003n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-1499
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-66.02% / 98.45%
||
7 Day CHG~0.00%
Published-17 Mar, 2007 | 10:00
Updated-07 Aug, 2024 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_vistaien/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29712
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 36.09%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 16:55
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-0010
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-24.93% / 95.94%
||
7 Day CHG~0.00%
Published-09 Jan, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-system_center_operations_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-1345
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-0.54% / 66.47%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:09
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office SharePoint XSS Vulnerability

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Foundation 2010 Service Pack 2
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-1327
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.61% / 68.65%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:44
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_devops_serverAzure DevOps ServerAzure DevOps Server 2019 Update 1.1Azure DevOps Server 2019
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-4220
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 68.97%
||
7 Day CHG~0.00%
Published-05 Feb, 2008 | 11:00
Updated-07 Aug, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.

Action-Not Available
Vendor-n/aNovell
Product-groupwisegroupwise_webaccessn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26582
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 52.80%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 17:50
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.Red Hat, Inc.
Product-icewall_sso_dgfwwindowsenterprise_linuxhp-uxIceWall SSO Dgfw
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-1198
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-0.52% / 65.78%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:09
Updated-18 Nov, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office SharePoint XSS Vulnerability

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-11583
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.87% / 82.37%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 20:12
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.

Action-Not Available
Vendor-n/aMicrosoft CorporationPlesk (WebPros International GmbH)
Product-obsidianwindowsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-3918
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-90.11% / 99.57%
||
7 Day CHG~0.00%
Published-28 Jul, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.
Product-enterprise_linux_serverubuntu_linuxhttp_serverenterprise_linux_workstationdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-12685
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.37%
||
7 Day CHG~0.00%
Published-15 May, 2020 | 16:53
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-interchangen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-6325
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.13% / 89.47%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-5212
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-12.72% / 93.73%
||
7 Day CHG~0.00%
Published-19 Dec, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.

Action-Not Available
Vendor-n/aNovell
Product-edirectoryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3079
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 61.72%
||
7 Day CHG~0.00%
Published-14 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-satellitespacewalk-javan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4070
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-18.34% / 94.97%
||
7 Day CHG~0.00%
Published-10 Sep, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-lync_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3654
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.97%
||
7 Day CHG~0.00%
Published-03 Nov, 2014 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSE
Product-satellite_with_embedded_oraclemanager_serversuse_linux_enterprise_serversatellitespacewalk-javamanagern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3681
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.82%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4189
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.58%
||
7 Day CHG~0.00%
Published-17 Jun, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHitachi, Ltd.
Product-jp1\/performance_management-manager_web_optiontuning_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3649
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 56.05%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 14:02
Updated-06 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss AeroGear has reflected XSS via the password field

Action-Not Available
Vendor-JBossRed Hat, Inc.
Product-jboss_aerogearAeroGear
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-0032
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-66.59% / 98.47%
||
7 Day CHG~0.00%
Published-12 Sep, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3592
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 56.05%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 15:33
Updated-06 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenShift Origin: Improperly validated team names could allow stored XSS attacks

Action-Not Available
Vendor-OpenShift OriginRed Hat, Inc.
Product-openshift_originOpenShift Origin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11556
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.59% / 68.13%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 05:56
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

Action-Not Available
Vendor-n/aRed Hat, Inc.openSUSE
Product-pagurebackports_sleleapn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1823
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-25.98% / 96.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-lync_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1530
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.76% / 72.28%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirddebian_linuxenterprise_linux_server_ausfedoraseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10219
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.86% / 82.32%
||
7 Day CHG~0.00%
Published-08 Nov, 2019 | 14:46
Updated-07 Jul, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Action-Not Available
Vendor-HibernateOracle CorporationNetApp, Inc.Red Hat, Inc.
Product-communications_pricing_design_centeragile_product_lifecycle_management_integration_packcommunications_cloud_native_core_consolemysql_serverdata_integratorbanking_platformcommerce_platformwebcenter_portalfuseretail_order_brokerpolicy_automationpeoplesoft_enterprise_peopletoolsweblogic_servere-business_suitemysql_clustercommunications_data_modelenterprise_manager_ops_centeressbaseretail_back_officecommunications_cloud_native_core_network_repository_functionhospitality_reporting_and_analyticscommunications_metasolv_solutioncommunications_offline_mediation_controllerpeoplesoft_enterprise_cs_sa_integration_packflexcube_private_bankingretail_predictive_application_serverhealthcare_data_repositoryjd_edwards_enterpriseone_orchestratorcommunications_cloud_native_core_unified_data_repositoryclinicalenterprise_session_border_controllerinsurance_rules_palettecommunications_webrtc_session_controllerretail_financial_integrationflexcube_investor_servicinghealthcare_foundationcommunications_network_integritymysql_connectorshospitality_opera_5_property_servicescommunications_diameter_signaling_routenosql_databasetimesten_in-memory_databasebusiness_process_management_suiteretail_allocationfujitsu_m12-2_firmwareretail_assortment_planningsolarisbanking_apisprimavera_p6_professional_project_managementgraph_server_and_clientjboss_enterprise_application_platformretail_customer_management_and_segmentation_foundationapplication_performance_managementdatabase_serverfinancial_services_analytical_applications_infrastructureapplication_testing_suitebanking_deposits_and_lines_of_credit_servicingfujitsu_m10-4elementretail_order_management_systemutilities_frameworkprimavera_unifiercommunications_convergencebig_data_spatial_and_graphfinancial_services_enterprise_case_managementhealth_sciences_clinical_development_analyticsretail_returns_managementargus_analyticshospitality_cruise_shipboard_property_management_systemfusion_middleware_mapviewerutilities_testing_acceleratorsiebel_applicationsfujitsu_m12-2svm_virtualboxcommunications_cloud_native_core_automated_test_suitecommunications_converged_application_server_-_service_controllerretail_point-of-saleretail_service_backboneretail_integration_buscommunications_convergent_charging_controllerinsurance_insbridge_rating_and_underwritingaccess_managerenterprise_manager_base_platformretail_customer_insightsreal-time_decision_serverjboss_data_gridfujitsu_m10-4sessbase_administration_serviceshyperion_infrastructure_technologyfujitsu_m12-1_firmwarebusiness_activity_monitoringprimavera_data_warehousecommunications_session_border_controllergoldengate_application_adaptershealth_sciences_information_managermanagement_services_for_element_software_and_netapp_hcipeoplesoft_enterprise_people_toolsrest_data_servicesairlines_data_modelretail_size_profile_optimizationdocumakergoldengateretail_central_officeapplication_expresssnapcenter_plug-inhealth_sciences_inform_crf_submitcommunications_billing_and_revenue_managementinsurance_data_gatewayfujitsu_m12-1primavera_portfolio_managementspatial_studiohyperion_financial_managementretail_analyticsretail_fiscal_managementfinancial_services_foreign_account_tax_compliance_act_managementbanking_digital_experiencecommunications_services_gatekeeperfinancial_services_behavior_detection_platforminstantis_enterprisetrackenterprise_communications_brokerbanking_loans_servicingcommunications_service_brokercommunications_cloud_native_core_service_communication_proxysecure_backupcommunications_operations_monitorfinancial_services_trade-based_anti_money_launderingcommunications_cloud_native_core_security_edge_protection_proxyenterprise_data_qualityretail_price_managementbanking_enterprise_default_managementinsurance_policy_administration_j2eecommunications_cloud_native_core_network_function_cloud_native_environmentcommunications_unified_inventory_managementretail_eftlinkcommunications_eagle_application_processorcommunications_design_studiobanking_enterprise_default_managmentagile_engineering_data_managementjdkcommunications_contacts_serveropenshift_application_runtimeshibernate_validatorhyperion_ilearningrapid_planninggraalvmcommunications_application_session_controllerenterprise_linuxretail_invoice_matchingargus_insightdemantra_demand_managementfujitsu_m10-1banking_party_managementhttp_serverfinancial_services_model_management_and_governancehospitality_suite8communications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_policycommunications_network_charging_and_controlhealthcare_translational_researchcommerce_guided_searchprimavera_p6_enterprise_project_portfolio_managementretail_extract_transform_and_loadcommunications_calendar_servercommunications_billing_and_revenue_management_elastic_charging_enginebusiness_intelligencefusion_middlewaresd-wan_awareagile_product_lifecycle_analyticscommunications_messaging_serverzfs_storage_appliance_kitfujitsu_m10-4s_firmwareinsurance_policy_administrationcommunications_instant_messaging_serverargus_safetyfujitsu_m12-2agile_plmactive_iq_unified_managerfujitsu_m10-4_firmwareretail_xstore_point_of_servicereal_user_experience_insightzfs_storage_application_integration_engineering_softwareprimavera_analyticscommunications_interactive_session_recordersingle_sign-onbi_publisheross_support_toolsjava_semysql_workbenchprimavera_gatewaymanaged_file_transferthesaurus_management_systemsd-wan_edgeretail_merchandising_systemfujitsu_m12-2s_firmwarefujitsu_m10-1_firmwarehibernate-validator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 262
  • 263
  • Next
Details not found