| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1. |
| The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. |
| In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. |
| The /plugins/servlet/branchreview resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the reviewedBranch parameter. |
| The review resource in Atlassian Fisheye and Crucible before version 4.7.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a missing branch. |
| The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. |
| Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. |
| iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. |
| SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. |
| An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability. |
| JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS. |
| JetBrains YouTrack versions before 2019.2.53938 had a possible XSS through issue attachments when using the Firefox browser. |
| JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in the issue titles. |
| The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. |
| The wp-database-backup plugin before 5.1.2 for WordPress has XSS. |
| The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. |
| The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. |
| The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. |
| The ultimate-member plugin before 2.0.54 for WordPress has XSS. |
| An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials. |
