3351 matches found
WordPress < 5.3.1
WordPress versions 5.3.0 and earlier are affected by the following vulnerabilities: - Two cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, by convincing a user to click a specially crafted URL,...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
Description: Jenkins plugins are prone to the following vulnerabilities: 1. Multiple information-disclosure vulnerabilities. 2. Multiple cross-site request forgery vulnerabilities. 3. Multiple HTML-injection vulnerabilities. 4. An XML External Entity injection vulnerability. An attacker may...
IBM Cloud Pak System CVE-2019-4098 Cross Site Scripting Vulnerability
Description: IBM Cloud Pak System is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...
CVE-2019-15994 Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient...
CVE-2019-15973 Cisco Industrial Network Director Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application. The vulnerability is due to insufficient validati...
Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability...
Moodle CVE-2019-14881 Cross Site Scripting Vulnerability
Description: Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attack...
Cisco Unified Communications Manager IM and Presence XSS (cisco-sa-20191002-cuc-xss)
A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session...
Cisco Unified Communications Manager XSS (cisco-sa-20191002-cuc-xss)
According to its self-reported version, Cisco Unified Communications Manager is affected by a cross-site scripting (XSS) vulnerability. This is due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this by convincing a user to click a specially crafted U...
Cisco Unity Connection Web Framework XSS (cisco-sa-20191002-cuc-xss)
A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session...
Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities (cisco-sa-20191016-firepwr-xss)
According to its self-reported version, Cisco Firepower Management Center is affected by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to...
Atlassian Jira 7.13.x < 7.13.3, 8.x < 8.1.1 Cross-Site Scripting Vulnerability
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is potentially affected by a cross-site scripting (XSS) vulnerability in the ConfigurePortalPages.jspa resource due to improper validation of user-supplied input before returning it to user...
Cisco TelePresence VCS / Expressway 12.5.x < 12.5.4 XSS
According to its self-reported version, the Cisco TelePresence Video Communication Server (VCS) / Expressway running on the remote host is 12.5.x prior to 12.5.4. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input before returnin...
Cisco Finesse Appliance Multiple Cross-Site Scripting Vulnerabilities (Cisco-SA-20150818-CVE-2015-4310)
According to its self-reported version, the Cisco Finesse appliance is affected by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to...
CVE-2019-12705
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...
CVE-2019-12703
A vulnerability in the web-based management interface of Cisco SPA122 ATA with Router Devices could allow an unauthenticated, adjacent attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface...
CVE-2019-12638
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerability is due to insufficient validation of...
CVE-2019-12702
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input by the web-based management...