Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5310 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request.
|
|||||
| CVE-2019-5286 | 1 Huawei | 1 Hedex Lite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007.
|
|||||
| CVE-2019-4749 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
|
|||||
| CVE-2019-4748 | 1 Ibm | 10 Collaborative Lifecycle Management, Doors Next, Engineering Lifecycle Manager and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173174.
|
|||||
| CVE-2019-4747 | 1 Ibm | 2 Engineering Workflow Management, Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887.
|
|||||
| CVE-2019-4746 | 1 Ibm | 2 Doors Next Generation, Rational Doors Next Generation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172885.
|
|||||
| CVE-2019-4744 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172882.
|
|||||
| CVE-2019-4740 | 1 Ibm | 2 Doors Next Generation, Rational Doors Next Generation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172808.
|
|||||
| CVE-2019-4737 | 1 Ibm | 2 Doors Next Generation, Rational Doors Next Generation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172707.
|
|||||
| CVE-2019-4725 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.
|
|||||
| CVE-2019-4718 | 1 Ibm | 1 Jazz For Service Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172123.
|
|||||
| CVE-2019-4691 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171828.
|
|||||
| CVE-2019-4681 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Tivoli Netcool\/impact, Linux Kernel and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734.
|
|||||
| CVE-2019-4665 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.
|
|||||
| CVE-2019-4663 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245.
|
|||||
| CVE-2019-4653 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964.
|
|||||
| CVE-2019-4645 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170881.
|
|||||
| CVE-2019-4644 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
|
|||||
| CVE-2019-4632 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170004.
|
|||||
| CVE-2019-4623 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168924.
|
|||||
| CVE-2019-4611 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.
|
|||||
| CVE-2019-4608 | 1 Ibm | 1 Tivoli Workload Scheduler | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168508.
|
|||||
| CVE-2019-4602 | 1 Ibm | 1 Rational Quality Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168293.
|
|||||
| CVE-2019-4596 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167879.
|
|||||
| CVE-2019-4581 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167239.
|
|||||
| CVE-2019-4571 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166721.
|
|||||
| CVE-2019-4569 | 1 Ibm | 1 Tivoli Netcool\/impact | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166719.
|
|||||
| CVE-2019-4564 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2019-4555 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204.
|
|||||
| CVE-2019-4542 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Security Directory Server 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 165815.
|
|||||
| CVE-2019-4497 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164118.
|
|||||
| CVE-2019-4495 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164116.
|
|||||
| CVE-2019-4494 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164115.
|
|||||
| CVE-2019-4486 | 1 Ibm | 9 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 6 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
|
|||||
| CVE-2019-4482 | 1 Ibm | 1 Emptoris Spend Analysis | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066.
|
|||||
| CVE-2019-4470 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779.
|
|||||
| CVE-2019-4468 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163777.
|
|||||
| CVE-2019-4467 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163776.
|
|||||
| CVE-2019-4459 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656.
|
|||||
| CVE-2019-4454 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618.
|
|||||