Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-11584

Summary
Assigner-atlassian
Assigner Org ID-f08a6ab8-ed46-4c22-8884-d911ccfe3c66
Published At-23 Aug, 2019 | 13:49
Updated At-16 Sep, 2024 | 22:24
Rejected At-
Credits

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:atlassian
Assigner Org ID:f08a6ab8-ed46-4c22-8884-d911ccfe3c66
Published At:23 Aug, 2019 | 13:49
Updated At:16 Sep, 2024 | 22:24
Rejected At:
▼CVE Numbering Authority (CNA)

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

Affected Products
Vendor
AtlassianAtlassian
Product
Jira
Versions
Affected
  • From unspecified before 8.3.2 (custom)
Problem Types
TypeCWE IDDescription
textN/ACross Site Scripting (XSS)
Type: text
CWE ID: N/A
Description: Cross Site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jira.atlassian.com/browse/JRASERVER-69785
x_refsource_MISC
Hyperlink: https://jira.atlassian.com/browse/JRASERVER-69785
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jira.atlassian.com/browse/JRASERVER-69785
x_refsource_MISC
x_transferred
Hyperlink: https://jira.atlassian.com/browse/JRASERVER-69785
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@atlassian.com
Published At:23 Aug, 2019 | 14:15
Updated At:26 Aug, 2019 | 19:43

The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.1MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Atlassian
atlassian
>>jira>>Versions before 8.3.2(exclusive)
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jira.atlassian.com/browse/JRASERVER-69785security@atlassian.com
Issue Tracking
Vendor Advisory
Hyperlink: https://jira.atlassian.com/browse/JRASERVER-69785
Source: security@atlassian.com
Resource:
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

12399Records found
CVE-2021-43943
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.41% / 32.66%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 04:40
Updated-04 Oct, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0.

Action-Not Available
Vendor-Atlassian
Product-jira_service_managementJira Service Management Data CenterJira Service Management Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26083
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.60% / 43.94%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 03:25
Updated-17 Oct, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-data_centerjira_serverjira_data_centerjiraJira ServerJira Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26082
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.73% / 49.55%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 03:25
Updated-11 Oct, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability.

Action-Not Available
Vendor-Atlassian
Product-data_centerjira_serverjira_data_centerjiraJira ServerJira Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-13403
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.94% / 56.37%
||
7 Day CHG~0.00%
Published-13 Feb, 2019 | 18:00
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-4013
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.63% / 45.27%
||
7 Day CHG~0.00%
Published-01 Jun, 2020 | 06:35
Updated-16 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheyeCrucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-4021
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-1.00% / 58.34%
||
7 Day CHG~0.00%
Published-01 Jun, 2020 | 06:35
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_software_data_centerjira_data_centerjiraJira Server and Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-4024
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.93% / 55.75%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 01:35
Updated-16 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_software_data_centerjira_data_centerjiraJira Server and Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-4025
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.92% / 55.52%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 01:35
Updated-16 Sep, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_software_data_centerjira_data_centerjiraJira Server and Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36234
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-1.01% / 58.71%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 00:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.

Action-Not Available
Vendor-Atlassian
Product-data_centerjira_serverjira_data_centerjiraJira ServerJira Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36290
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.58% / 42.89%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 04:05
Updated-03 Oct, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality.

Action-Not Available
Vendor-Atlassian
Product-confluence_data_centerconfluence_serverConfluence ServerConfluence Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-29444
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.93% / 55.84%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 06:10
Updated-12 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.

Action-Not Available
Vendor-Atlassian
Product-confluence_serverconfluence_data_centerConfluence Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-14166
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-1.94% / 77.50%
||
7 Day CHG~0.00%
Published-01 Jul, 2020 | 01:35
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.

Action-Not Available
Vendor-Atlassian
Product-jira_service_deskJira Service Desk Server and Data Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-14175
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-1.15% / 62.84%
||
7 Day CHG~0.00%
Published-24 Jul, 2020 | 07:05
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.

Action-Not Available
Vendor-Atlassian
Product-confluence_data_centerconfluence_serverConfluence Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-14173
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.89% / 54.50%
||
7 Day CHG~0.00%
Published-03 Jul, 2020 | 01:50
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_software_data_centerjira_data_centerjiraJira Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-14184
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.93% / 56.00%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 03:15
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjiraJira Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20900
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.92% / 55.52%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 01:05
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerJira Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20903
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-1.11% / 61.68%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 01:30
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.

Action-Not Available
Vendor-Atlassian
Product-editor-core@atlaskit/editor-core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20416
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.59% / 43.55%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 03:00
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.

Action-Not Available
Vendor-Atlassian
Product-jira_software_data_centerjiraJira Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20414
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-1.05% / 59.73%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 06:15
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_software_data_centerjira_data_centerjiraJira Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15007
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.60% / 43.77%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 14:41
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheyeCrucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9508
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.83% / 52.60%
||
7 Day CHG~0.00%
Published-24 Aug, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file.

Action-Not Available
Vendor-Atlassian
Product-cruciblefisheyeAtlassian Fisheye and Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9510
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.82% / 52.33%
||
7 Day CHG~0.00%
Published-24 Aug, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The repository changelog resource in Atlassian Fisheye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters.

Action-Not Available
Vendor-Atlassian
Product-fisheyeAtlassian Fisheye
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9507
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.82% / 52.33%
||
7 Day CHG~0.00%
Published-24 Aug, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.

Action-Not Available
Vendor-Atlassian
Product-cruciblefisheyeAtlassian Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9509
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.82% / 52.33%
||
7 Day CHG~0.00%
Published-24 Aug, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.

Action-Not Available
Vendor-Atlassian
Product-cruciblefisheyeAtlassian Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18097
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.68% / 47.44%
||
7 Day CHG~0.00%
Published-06 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card.

Action-Not Available
Vendor-Atlassian
Product-jiraJira
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18089
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.68% / 47.44%
||
7 Day CHG~0.00%
Published-16 Feb, 2018 | 18:00
Updated-16 Sep, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the invited reviewers for a review.

Action-Not Available
Vendor-Atlassian
Product-crucibleCrucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18040
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.62% / 45.07%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

Action-Not Available
Vendor-Atlassian
Product-bambooBamboo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18082
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.59%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The plan configure branches resource in Atlassian Bamboo before version 6.2.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a branch.

Action-Not Available
Vendor-Atlassian
Product-bambooBamboo
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18093
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.89% / 54.60%
||
7 Day CHG~0.00%
Published-19 Feb, 2018 | 14:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheye and Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18092
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.68% / 47.44%
||
7 Day CHG~0.00%
Published-19 Feb, 2018 | 14:00
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet.

Action-Not Available
Vendor-Atlassian
Product-crucibleCrucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18084
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.61% / 44.56%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-16 Sep, 2024 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro.

Action-Not Available
Vendor-Atlassian
Product-confluenceConfluence
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18034
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.60% / 43.85%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 14:00
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The source browse resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheye and Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18091
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.89% / 54.61%
||
7 Day CHG~0.00%
Published-16 Feb, 2018 | 18:00
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheye and Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14587
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-5.4||MEDIUM
EPSS-0.85% / 53.54%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter.

Action-Not Available
Vendor-Atlassian
Product-cruciblefisheyeAtlassian Fisheye and Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18094
Matching Score-6
Assigner-Atlassian
ShareView Details
Matching Score-6
Assigner-Atlassian
CVSS Score-4.8||MEDIUM
EPSS-0.62% / 44.80%
||
7 Day CHG~0.00%
Published-22 Mar, 2018 | 13:00
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheye and Crucible
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-5103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.56% / 83.03%
||
7 Day CHG~0.00%
Published-21 Oct, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable.

Action-Not Available
Vendor-atcomn/a
Product-netvolutionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10864
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.39% / 68.78%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 17:42
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.

Action-Not Available
Vendor-veronalabsn/a
Product-wp_statisticsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.04% / 59.57%
||
7 Day CHG~0.00%
Published-25 Aug, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php.

Action-Not Available
Vendor-keil-softwaren/a
Product-photokorn_galleryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2340
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.48% / 37.50%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Action-Not Available
Vendor-Pimcore
Product-pimcorepimcore/pimcore
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11629
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.74% / 49.81%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 17:23
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.

Action-Not Available
Vendor-n/aSonatype, Inc.
Product-nexus_repository_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10670
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.82% / 52.36%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 13:07
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these contexts, leading to attacker controlled JavaScript executing in the browser. One example of this is the string parameter in html/pages/inventory.inc.php.

Action-Not Available
Vendor-n/aLibreNMS
Product-librenmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-1000193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.00% / 58.38%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 02:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.

Action-Not Available
Vendor-octobercmsn/a
Product-octobern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11543
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-3.11% / 86.09%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 01:40
Updated-15 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.

Action-Not Available
Vendor-n/aIvanti SoftwarePulse Secure
Product-pulse_policy_securepulse_connect_secureconnect_securen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10785
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.1||MEDIUM
EPSS-1.81% / 75.74%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 16:02
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe Linux Foundation
Product-dojoxdebian_linuxdojox
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11032
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.86% / 53.82%
||
7 Day CHG~0.00%
Published-24 Apr, 2019 | 14:53
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations.

Action-Not Available
Vendor-hr-technologiesn/a
Product-easytorecruitn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.85% / 53.37%
||
7 Day CHG~0.00%
Published-10 Sep, 2019 | 16:38
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable, however some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoint, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2 . They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092).

Action-Not Available
Vendor-n/aCouchbase, Inc.
Product-couchbase_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-1000042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.93% / 56.00%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.

Action-Not Available
Vendor-mapbox_projectn/a
Product-mapboxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11556
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.97% / 57.42%
||
7 Day CHG+0.01%
Published-25 Sep, 2020 | 05:56
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

Action-Not Available
Vendor-n/aRed Hat, Inc.openSUSE
Product-pagurebackports_sleleapn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-15930
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-4.38% / 90.02%
||
7 Day CHG+0.18%
Published-24 Sep, 2020 | 18:41
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.

Action-Not Available
Vendor-joplin_projectn/a
Product-joplinn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44585
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.89% / 54.72%
||
7 Day CHG~0.00%
Published-10 Mar, 2022 | 20:02
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.

Action-Not Available
Vendor-jeecgn/a
Product-jeecg_bootn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 247
  • 248
  • Next
Details not found