映射到 CWE-79 的搜索结果 (7868)

CVE-2018-1473(发布:2018-04-27 11:29:00)NM
CVSS4.3

[原文]IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140691.

CVE-2017-1724(发布:2018-04-26 10:29:00)NM
CVSS3.5

[原文]IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134814.

CVE-2018-6518(发布:2018-04-26 10:29:00)NM
CVSS3.5

[原文]Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.

CVE-2018-9101(发布:2018-04-25 16:29:00)NM
CVSS4.3

[原文]A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

CVE-2018-9103(发布:2018-04-25 16:29:00)NM
CVSS4.3

[原文]A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

CVE-2018-9104(发布:2018-04-25 16:29:00)NM
CVSS4.3

[原文]A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts.

12345678下一页尾页 第1页 / 共1312页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站