CVE-2019-11999

MEDIUM Year: 2019
CVSS v3 Score
6.9
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates.

Related Vulnerabilities

CVE-2015-6005

MEDIUM
CVSS:6.9(Medium)

Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap mess...

CWE-792015

CVE-2020-8493

MEDIUM
CVSS:6.9(Medium)

A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions...

CWE-792020

CVE-2020-8496

MEDIUM
CVSS:6.9(Medium)

In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as a...

CWE-792020

CVE-2021-33691

MEDIUM
CVSS:6.9(Medium)

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructu...

CWE-792021

CVE-2022-0967

MEDIUM
CVSS:6.9(Medium)

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.

CWE-792022

CVE-2022-2589

MEDIUM
CVSS:6.9(Medium)

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.

CWE-792022