Max CVSS 7.5 Min CVSS 4.0 Total Count56
IDCVSSSummaryLast (major) updatePublished
CVE-2019-9083 7.5
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-8938 4.3
VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7425 4.3
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7424 4.3
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or gr
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7423 4.3
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7422 4.3
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7421 4.3
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7420 4.3
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7419 4.3
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7418 4.3
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7417 4.3
XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2019-7416 4.3
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.
21-03-2019 - 12:01 21-03-2019 - 12:01
CVE-2018-18845 4.3
internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentiall
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-18941 5.0
In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privilege
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-18940 4.3
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicio
31-01-2019 - 14:29 31-01-2019 - 14:29
CVE-2018-19862 7.5
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.
03-01-2019 - 14:29 03-01-2019 - 14:29
CVE-2018-19861 7.5
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued.
03-01-2019 - 14:29 03-01-2019 - 14:29
CVE-2018-19505 4.0
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allo
03-01-2019 - 14:29 03-01-2019 - 14:29
CVE-2018-20211 6.8
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an o
02-01-2019 - 13:29 02-01-2019 - 13:29
CVE-2018-20193 4.0
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (b
21-12-2018 - 18:29 21-12-2018 - 18:29
CVE-2018-19822 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19821 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19820 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19819 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19818 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19817 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19816 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19815 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19814 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19813 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19812 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via the GroupId parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19811 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19810 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19809 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19775 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Variables.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19774 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the GroupId and ConnPoolName parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19773 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentUser.jsp" has reflected XSS via the GroupId and ConnPoolName parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19772 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19771 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPool.jsp" has reflected XSS via the PropName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19770 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Users.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19769 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "UserProperties.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19768 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "SubPagePackages.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19767 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19766 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "GroupRessourceAdmin.jsp" has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19765 4.3
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19649 4.3
XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-19439 4.3
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/hel
13-12-2018 - 14:29 13-12-2018 - 14:29
CVE-2018-19754 6.5
Tarantella Enterprise before 3.11 allows bypassing Access Control.
05-12-2018 - 17:29 05-12-2018 - 17:29
CVE-2018-19753 5.0
Tarantella Enterprise before 3.11 allows Directory Traversal.
05-12-2018 - 17:29 05-12-2018 - 17:29
CVE-2018-18619 7.5
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute th
29-11-2018 - 17:29 29-11-2018 - 17:29
CVE-2018-18777 4.0
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slas
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2018-18776 4.3
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2018-18775 4.3
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
01-11-2018 - 13:29 01-11-2018 - 13:29
CVE-2009-3903 4.3
Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of
02-02-2011 - 01:48 06-11-2009 - 10:30
CVE-2010-1910 5.1
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two
12-05-2010 - 00:00 12-05-2010 - 07:46
CVE-2004-2271 7.5
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
05-09-2008 - 16:43 31-12-2004 - 00:00
Back to Top Mark selected
Back to Top