CVE-2019-7004

MEDIUM Year: 2019
CVSS v3 Score
6.4
Medium
CVSS v2 Score
3.5
Low
Weakness Type
CWE-79
View all →

Vulnerability Description

A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated.

Related Vulnerabilities

CVE-2012-3341

MEDIUM
CVSS:6.4(Medium)

IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a ...

CWE-792012

CVE-2016-2138

MEDIUM
CVSS:6.4(Medium)

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.

CWE-792016

CVE-2016-2139

MEDIUM
CVSS:6.4(Medium)

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.

CWE-792016

CVE-2019-3769

MEDIUM
CVSS:6.4(Medium)

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to st...

CWE-792019

CVE-2019-3770

MEDIUM
CVSS:6.4(Medium)

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could expl...

CWE-792019

CVE-2020-3233

MEDIUM
CVSS:6.4(Medium)

A vulnerability in the web-based Local Manager interface of the Cisco IOx Application Framework could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack agai...

CWE-792020