CVE-2019-12626 Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability...

CVE-2019-0341

The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application...

CVE-2019-0341

The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application...

User Agent String Switcher Service - XSS Vulnerabilities

Document Title: =============== User Agent String Switcher Service - XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2189 Release Date: ============= 2019-08-13 Vulnerability Laboratory ID VL-ID: ====================================...

Microsoft Office SharePoint CVE-2019-1203 Cross Site Scripting Vulnerability

Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...

CVE-2019-1973

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

CVE-2019-1949

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficien...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficien...

Cross site scripting

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

CVE-2019-1973 Cisco Enterprise NFV Infrastructure Software Cross-site Scripting Vulnerability

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

CVE-2019-1956 Cisco SPA112 2-Port Phone Adapter Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the device. The vulnerability is due to insufficient validation of user-supplied input by the...

CVE-2019-1949 Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficien...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability exists because the...

CVE-2019-1941

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability exists because the...

CVE-2019-1941 Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability exists because the...

Cross site scripting

Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting XSS - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3...

Tenable Nessus < 8.5.0 Multiple Vulnerabilities (TNS-2019-04)

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 8.5.0. It is, therefore, affected by multiple vulnerabilities: - A reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could...

Microsoft Team Foundation Server CVE-2019-1076 Cross Site Scripting Vulnerability

Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

Microsoft ASP.NET Core CVE-2019-1075 Spoofing Vulnerability

Description Microsoft ASP.NET Core is prone to a spoofing vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirect...

Microsoft Office SharePoint CVE-2019-1134 Cross Site Scripting Vulnerability

Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...