Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-15814

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Sep, 2019 | 13:50
Updated At-05 Aug, 2024 | 00:56
Rejected At-
Credits

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Sep, 2019 | 13:50
Updated At:05 Aug, 2024 | 00:56
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/47324
exploit
x_refsource_EXPLOIT-DB
Hyperlink: https://www.exploit-db.com/exploits/47324
Resource:
exploit
x_refsource_EXPLOIT-DB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/47324
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/47324
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Sep, 2019 | 14:15
Updated At:04 Sep, 2019 | 17:49

Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.4MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
sentrifugo
sentrifugo
>>sentrifugo>>3.2
cpe:2.3:a:sentrifugo:sentrifugo:3.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.exploit-db.com/exploits/47324cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/47324
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

6353Records found
CVE-2021-24382
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.42% / 61.46%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 13:37
Updated-03 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS)

The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed.

Action-Not Available
Vendor-nextendwebNextend
Product-smart_sliderSmart Slider 3
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29819
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.70%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 16:45
Updated-16 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204346.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_webguiTivoli Netcool/OMNIbus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29788
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.06%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 17:00
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203310.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_requirements_quality_assistant_on-premisesEngineering Requirements Quality Assistant On-Premises
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3012
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.31%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 10:15
Updated-03 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).

Action-Not Available
Vendor-n/aEnvironmental Systems Research Institute, Inc. ("Esri")
Product-arcgis_enterprisen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29661
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.42% / 61.49%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 18:43
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.

Action-Not Available
Vendor-softingn/a
Product-opc_toolboxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29835
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.52%
||
7 Day CHG~0.00%
Published-22 Oct, 2021 | 19:00
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowBusiness Automation Workflow
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-30111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 47.03%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 11:16
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed.

Action-Not Available
Vendor-web-schooln/a
Product-enterprise_resource_planningn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-0370
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.24% / 46.06%
||
7 Day CHG~0.00%
Published-21 Jan, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title).

Action-Not Available
Vendor-thomas_turnbullroger_lopezn/aThe Drupal Association
Product-drupalnodeblockn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-30170
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.6||MEDIUM
EPSS-0.27% / 50.58%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:30
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jun-He Technology Ltd. ERP POS - Stored XSS-1

Special characters of ERP POS customer profile page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks, additionally access and manipulate customer’s information.

Action-Not Available
Vendor-junhetecJun-He Technology Ltd.
Product-enterprise_resource_planning_point_of_sale_systemERP POS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29804
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.20% / 41.54%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 16:05
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204262.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_guiTivoli Netcool/OMNIbus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-0716
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-4.72% / 89.18%
||
7 Day CHG~0.00%
Published-26 Feb, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sharepoint_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29807
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.20% / 41.54%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 16:45
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204265.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_webguiTivoli Netcool/OMNIbus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-0460
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.90%
||
7 Day CHG~0.00%
Published-28 Jan, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-kayakon/a
Product-esupportsupportsuiten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-28961
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.69%
||
7 Day CHG~0.00%
Published-22 Oct, 2021 | 19:20
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.

Action-Not Available
Vendor-perfexcrmn/a
Product-perfex_crmn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29912
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.67%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 15:15
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftsecurity_risk_manager_on_cp4sCloud Pak for Security
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29817
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.01%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 16:45
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204343.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_webguiTivoli Netcool/OMNIbus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29735
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.10% / 28.10%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 16:50
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-30211
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 40.26%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 16:12
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter.

Action-Not Available
Vendor-engn/a
Product-knowagen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29771
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.70%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 16:00
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-26669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 58.34%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 14:13
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.

Action-Not Available
Vendor-bigtreecmsn/a
Product-bigtree_cmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-30637
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.20%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 04:58
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.

Action-Not Available
Vendor-htmlyn/a
Product-htmlyn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29852
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.41%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 16:20
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528.

Action-Not Available
Vendor-IBM Corporation
Product-planning_analyticsPlanning Analytics Local
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29821
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.01%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 16:45
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204348.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_webguiTivoli Netcool/OMNIbus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29905
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.01%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-17 Sep, 2024 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207616.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelaixwindowsjazz_for_service_managementJazz for Service Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-61949
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 12.05%
||
7 Day CHG~0.00%
Published-21 Nov, 2025 | 06:17
Updated-05 Dec, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page.

Action-Not Available
Vendor-secuavailLogStare Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-logstare_collectorlinux_kernelwindowsLogStare Collector (for Linux)LogStare Collector (for Windows)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29800
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.20% / 41.54%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 16:05
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-IBM Corporation
Product-jazz_for_service_managementtivoli_netcool\/omnibus_webguiJazz for Service Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-26407
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.51%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 05:16
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitlab CE/EE
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4429
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.66% / 70.58%
||
7 Day CHG~0.00%
Published-28 Dec, 2009 | 18:27
Updated-07 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).

Action-Not Available
Vendor-alexander_hassn/aThe Drupal Association
Product-sections_moduledrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-30171
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-4.6||MEDIUM
EPSS-0.27% / 50.58%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 09:30
Updated-17 Sep, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jun-He Technology Ltd. ERP POS - Stored XSS-2

Special characters of ERP POS news page are not filtered in users’ input, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks, additionally access and manipulate customer’s information.

Action-Not Available
Vendor-junhetecJun-He Technology Ltd.
Product-enterprise_resource_planning_point_of_sale_systemERP POS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-30042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.20%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 23:06
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php

Action-Not Available
Vendor-remoteclinicn/a
Product-remote_clinicn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29813
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.20% / 41.54%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 18:05
Updated-17 Sep, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204331.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelaixwindowsjazz_for_service_managementJazz for Service Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29841
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.01%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 13:25
Updated-17 Sep, 2024 | 03:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernellinux_on_ibm_zfinancial_transaction_managerz\/osaixFinancial Transaction Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-26517
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.31% / 53.79%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 12:42
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only).

Action-Not Available
Vendor-intlandn/a
Product-codebeamern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4514
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.21% / 42.90%
||
7 Day CHG~0.00%
Published-31 Dec, 2009 | 19:00
Updated-16 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-astha_bhatnagarn/aThe Drupal Association
Product-shindigintegratordrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29822
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.01%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 16:05
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204349.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_guiTivoli Netcool/OMNIbus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29764
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.15% / 35.49%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-16 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-30039
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.20%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 23:06
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php.

Action-Not Available
Vendor-remoteclinicn/a
Product-remote_clinicn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-26680
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 53.16%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 11:54
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vFairs 3.3, any user logged in to a vFairs virtual conference or event can modify any other users profile information to include a cross-site scripting payload. The user data stored by the database includes HTML tags that are intentionally rendered out onto the page, and this can be abused to perform XSS attacks.

Action-Not Available
Vendor-vfairsn/a
Product-vfairsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-27666
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 51.14%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 18:19
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature.

Action-Not Available
Vendor-n/aStrapi, Inc.
Product-strapin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-30056
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.69%
||
7 Day CHG~0.00%
Published-05 Apr, 2021 | 10:45
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage.

Action-Not Available
Vendor-engn/a
Product-knowagen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3043
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.93%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:45
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console

A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-prisma_cloudPrisma Cloud Compute
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-26280
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.47% / 64.17%
||
7 Day CHG~0.00%
Published-18 Dec, 2020 | 18:25
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in OpenSlides

OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting (XSS). In the web applications users can enter rich text in various places, e.g. for personal notes or in motions. These fields can be used to store arbitrary JavaScript Code that will be executed when other users read the respective text. An attacker could utilize this vulnerability be used to manipulate votes of other users, hijack the moderators session or simply disturb the meeting. The vulnerability was introduced with 6eae497abeab234418dfbd9d299e831eff86ed45 on 16.04.2020, which is first included in the 3.2 release. It has been patched in version 3.3 ( in commit f3809fc8a97ee305d721662a75f788f9e9d21938, merged in master on 20.11.2020).

Action-Not Available
Vendor-openslidesOpenSlides
Product-openslidesOpenSlides
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29666
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.70%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 16:32
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_scalelinux_kernelSpectrum Scale
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24728
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.75% / 72.90%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 00:00
Updated-23 Apr, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in CKEditor4

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.

Action-Not Available
Vendor-ckeditorckeditorOracle CorporationFedora ProjectThe Drupal Association
Product-application_expresspeoplesoft_enterprise_peopletoolsfinancial_services_trade-based_anti_money_launderingcommerce_merchandisingfinancial_services_analytical_applications_infrastructurefedoradrupalckeditorfinancial_services_behavior_detection_platformckeditor4
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29834
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.10% / 28.71%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:55
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_process_managerBusiness Process ManagerBusiness Automation Workflow
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.16% / 37.18%
||
7 Day CHG~0.00%
Published-04 Jan, 2010 | 21:00
Updated-07 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted by" text.

Action-Not Available
Vendor-nanwichn/aThe Drupal Association
Product-submitted_bydrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29713
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.67%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 16:00
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-IBM Corporation
Product-rational_doors_next_generationrational_engineering_lifecycle_managerrational_team_concertengineering_lifecycle_optimizationrational_collaborative_lifecycle_managementRational DOORS Next GenerationEngineering Workflow ManagementRational Collaborative Lifecycle ManagementEngineering Lifecycle OptimizationRational Engineering Lifecycle ManagerRational Team Concert
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29809
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.20% / 41.54%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 16:45
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204270.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_netcool\/omnibus_webguiTivoli Netcool/OMNIbus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-30003
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 43.54%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 04:29
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address.

Action-Not Available
Vendor-n/aNokia Corporation
Product-g-120w-fg-120w-f_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-26609
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 49.44%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 16:38
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) vulnerability which may allow an attacker to obtain administrator credentials to log in to the background.

Action-Not Available
Vendor-fastadminn/a
Product-fastadminn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 22
  • 23
  • 24
  • ...
  • 127
  • 128
  • Next
Details not found