Lucene search
K

15795 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:43 a.m.7 views

CVE-2019-5975

DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

5.4CVSS5.8AI score0.0082EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:43 a.m.5 views

CVE-2019-5962

Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6.4AI score0.01587EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:27 a.m.6 views

CVE-2019-15724

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection...

6.1CVSS6.3AI score0.01225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:25 a.m.6 views

CVE-2019-19327

ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...

6.1CVSS7.3AI score0.00854EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:25 a.m.5 views

CVE-2019-19328

ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...

6.1CVSS7.3AI score0.00854EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:19 a.m.5 views

CVE-2019-15510

ManageEngineDesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role...

6.1CVSS7AI score0.03196EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:18 a.m.8 views

CVE-2019-17667

Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...

5.4CVSS6.5AI score0.00531EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:18 a.m.7 views

CVE-2019-16962

Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New Custom Report...

5.4CVSS7AI score0.02297EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:9 a.m.7 views

CVE-2019-14756

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. A...

6.1CVSS6.9AI score0.00798EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:57 a.m.6 views

CVE-2019-12863

SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 allows Stored HTML Injection by administrators via the Web Console Settings screen...

4.8CVSS7AI score0.01076EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:53 a.m.7 views

CVE-2019-1577

Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML...

6.5CVSS7.1AI score0.00902EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:46 a.m.16 views

CVE-2019-10335

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages...

5.4CVSS5.7AI score0.01133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:35 a.m.5 views

CVE-2017-9622

Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data...

6.1CVSS5.9AI score0.01028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:14 a.m.6 views

CVE-2018-18291

A cross site scripting XSS vulnerability on ASUS RT-AC58U 3.0.0.4.3806516 devices allows remote attackers to inject arbitrary web script or HTML via AdvancedASUSDDNSContent.asp, AdvancedWSecurityContent.asp, AdvancedWirelessContent.asp, Logout.asp, MainLogin.asp, MobileQISLogin.asp, QISwizard.htm...

6.1CVSS5.8AI score0.0083EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 a.m.5 views

CVE-2019-9226

An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the optbaseBGSITENAME parameter to the bgconsole/index.php?m=opt=request URI...

6.1CVSS6AI score0.01105EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:2 a.m.6 views

CVE-2018-16622

Multiple cross-site scripting XSS vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 discription or 2 comments field, related to users/userAddContent...

5.4CVSS5.9AI score0.00788EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:1 a.m.9 views

CVE-2019-5989

DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page...

6.1CVSS6.2AI score0.00797EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:56 a.m.8 views

CVE-2019-0869

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'...

6.1CVSS6.8AI score0.01955EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 a.m.3 views

CVE-2019-17223

There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...

6.1CVSS7AI score0.01114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:23 a.m.5 views

CVE-2016-10508

Multiple cross-site scripting XSS vulnerabilities in phpThumb before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php...

6.1CVSS6AI score0.00831EPSS
Exploits0References1
Rows per page
Query Builder