CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 3CVE-2019-8331 – bootstrap: XSS in the tooltip or popover data-template attribute
https://notcve.org/view.php?id=CVE-2019-8331
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. En Bootstrap, en versiones anteriores a la 3.4.1 y versiones 4.3.x anteriores a la 4.3.1, es posible Cross-Site Scripting (XSS) en los atributos de data-template tooltip o popover. A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired. • https://github.com/Thampakon/CVE-2019-8331 https://github.com/ossf-cve-benchmark/CVE-2019-8331 https://github.com/Snorlyd/https-nj.gov---CVE-2019-8331 http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html http://seclists.org/fulldisclosure/2019/May/10 http://seclists.org/fulldisclosure/2019/May/11 http://seclists.org/fulldisclosure/2019/May/13 http://www.securityfocus.com/bid/107375 https://access.redhat.com/errata/RHSA-2019:1456 https://access.re • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 52EXPL: 0CVE-2019-6589
https://notcve.org/view.php?id=CVE-2019-6589
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. En BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7 y 11.6.0-11.6.3.2, hay una vulnerabilidad Cross-Site Scripting (XSS) reflejado en una página sin revelar de BIG-IP TMUI (Traffic Management User Interface), también conocido como la utilidad de configuración de BIG-IP. • https://support.f5.com/csp/article/K23566124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6591
https://notcve.org/view.php?id=CVE-2019-6591
On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. En BIG-IP APM, desde la versión 14.0.0 hasta la 14.0.0.4, desde la 13.0.0 hasta la 13.1.1.3 y desde la 12.1.0 hasta la 12.1.3.7, existe una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en la página de recursos de información para usuarios autenticados cuando una webtop completa está configurada en el sistema BIG-IP APM. • https://support.f5.com/csp/article/K32840424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 52EXPL: 0CVE-2018-15333
https://notcve.org/view.php?id=CVE-2018-15333
On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps. En versiones 11.2.1. y posteriores, el acceso a los archivos de instantánea sin restricciones permite que un usuario del sistema BIG-IP con cualquier rol, incluyendo Guest, tenga acceso y descargue archivos de captura previamente generados y disponibles en la utilidad de configuración de BIG-IP, como QKView y TCPDumps. • http://www.securityfocus.com/bid/106380 https://support.f5.com/csp/article/K53620021 https://support.f5.com/csp/article/K53620021?utm_source=f5support&%3Butm_medium=RSS • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-15334
https://notcve.org/view.php?id=CVE-2018-15334
A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. Una vulnerabilidad Cross-Site Request Forgery (CSRF) en APM webtop, en versiones 11.2.1 o posteriores, podría permitir que un atacante fuerce una sesión de APM webtop a que cierre la sesión y requiera reautenticarse. • http://www.securityfocus.com/bid/106364 https://support.f5.com/csp/article/K74114570 • CWE-352: Cross-Site Request Forgery (CSRF) •