Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 171507 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2021-31589 A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization. HIGH Jan 8, 2022 n/a
CVE-2024-0554 A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via \'/setup/diags_ir_learn.asp\', allowing the attacker to retrieve the session details of another user. -- Jan 16, 2024 n/a
CVE-2024-2078 A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user\'s browser session. -- Mar 1, 2024 n/a
CVE-2023-6359 A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the \'localidad\' parameter to inject a custom JavaScript payload and partially take over another user\'s browser session, due to the lack of proper sanitisation of the \'localidad\' field on the /users/editmy page. -- Nov 28, 2023 n/a
CVE-2020-26642 A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML. MEDIUM May 28, 2021 n/a
CVE-2021-29159 A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application. MEDIUM Apr 28, 2021 n/a
CVE-2023-32000 A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. -- Jul 8, 2023 n/a
CVE-2022-23378 A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The items%5B0%5D%5Bpath%5D parameter of a request made to /admin/allergens/edit/1 is vulnerable. LOW Feb 11, 2022 n/a
CVE-2021-31330 A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent. LOW May 11, 2022 n/a
CVE-2018-8652 A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka Windows Azure Pack Cross Site Scripting Vulnerability. This affects Windows Azure Pack Rollup 13.1. LOW Dec 12, 2018 n/a
CVE-2020-2005 A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user\'s active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0. MEDIUM May 14, 2020 n/a
CVE-2019-0742 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \'Team Foundation Server Cross-site Scripting Vulnerability\'. This CVE ID is unique from CVE-2019-0743. LOW Mar 22, 2019 n/a
CVE-2019-0743 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \'Team Foundation Server Cross-site Scripting Vulnerability\'. This CVE ID is unique from CVE-2019-0742. LOW Mar 22, 2019 n/a
CVE-2019-1305 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \'Team Foundation Server Cross-site Scripting Vulnerability\'. LOW Sep 13, 2019 n/a
CVE-2019-1076 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \'Team Foundation Server Cross-site Scripting Vulnerability\'. LOW Jul 18, 2019 n/a
CVE-2019-0777 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \'Team Foundation Server Cross-site Scripting Vulnerability\'. -- Apr 9, 2019 n/a
CVE-2019-0646 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka Team Foundation Server Cross-site Scripting Vulnerability. This affects Team. Low Jan 22, 2019 n/a
CVE-2018-8602 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka Team Foundation Server Cross-site Scripting Vulnerability. This affects Team. LOW Nov 13, 2018 n/a
CVE-2019-1332 A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka \'Microsoft SQL Server Reporting Services XSS Vulnerability\'. MEDIUM Dec 12, 2019 n/a
CVE-2020-1326 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \'Azure DevOps Server Cross-site Scripting Vulnerability\'. LOW Jul 15, 2020 n/a
CVE-2020-0700 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \'Azure DevOps Server Cross-site Scripting Vulnerability\'. LOW Mar 12, 2020 n/a
CVE-2019-0874 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \'Azure DevOps Server Cross-site Scripting Vulnerability\'. MEDIUM Apr 10, 2019 n/a
CVE-2019-0872 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\'. This CVE ID is unique from CVE-2019-0979. LOW May 20, 2019 n/a
CVE-2019-0979 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\'. This CVE ID is unique from CVE-2019-0872. LOW May 20, 2019 n/a
CVE-2019-0866 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. MEDIUM Apr 10, 2019 n/a
CVE-2019-0867 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. MEDIUM Apr 10, 2019 n/a
CVE-2019-0868 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871. MEDIUM Apr 10, 2019 n/a
CVE-2019-0870 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871. MEDIUM Apr 10, 2019 n/a
CVE-2019-0871 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870. MEDIUM Apr 10, 2019 n/a
CVE-2018-8600 A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka Azure App Service Cross-site Scripting Vulnerability. This affects Azure App. MEDIUM Nov 13, 2018 n/a
CVE-2021-26834 A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. LOW Jun 20, 2021 n/a
CVE-2021-32158 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. MEDIUM Apr 15, 2022 n/a
CVE-2021-32157 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. MEDIUM Apr 14, 2022 n/a
CVE-2021-32161 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. MEDIUM Apr 15, 2022 n/a
CVE-2021-32160 A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. MEDIUM Apr 15, 2022 n/a
CVE-2014-6413 A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. MEDIUM Feb 11, 2020 n/a
CVE-2013-6022 A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. MEDIUM Feb 12, 2020 n/a
CVE-2020-27642 A cross-site scripting (XSS) vulnerability exists in the \'merge account\' functionality in admins.js in BigBlueButton Greenlight 2.7.6. MEDIUM Oct 22, 2020 n/a
CVE-2024-29374 A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the GET /?lang= URL parameter. -- Mar 21, 2024 n/a
CVE-2022-28712 A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. -- Aug 26, 2022 n/a
CVE-2011-3610 A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. MEDIUM Jan 23, 2020 n/a
CVE-2020-29304 A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through the file import workflow. MEDIUM Dec 15, 2020 n/a
CVE-2011-2706 A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71. MEDIUM Jan 16, 2020 n/a
CVE-2011-3183 A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. MEDIUM Jan 16, 2020 n/a
CVE-2020-15914 A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window. LOW Nov 9, 2020 n/a
CVE-2023-48730 A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. -- Jan 10, 2024 n/a
CVE-2016-6588 A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. LOW Jan 10, 2020 n/a
CVE-2022-21238 A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. MEDIUM May 12, 2022 n/a
CVE-2022-30690 A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. -- Aug 25, 2022 n/a
CVE-2011-3202 A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier. MEDIUM Jan 16, 2020 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online