Total: 175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0914 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2018-0913 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2018-0912 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2018-0911 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2018-0910 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2018-0909 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
| CVE-2017-9062 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-10-03 | 5.0 MEDIUM | 8.6 HIGH |
| In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | |||||
| CVE-2017-8569 | 1 Microsoft | 1 Sharepoint Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability". | |||||
| CVE-2018-20911 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 6.5 MEDIUM | 7.2 HIGH |
| cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). | |||||
| CVE-2018-20850 | 1 Stormshield | 1 Stormshield Network Security | 2019-07-08 | 7.2 HIGH | 8.2 HIGH |
| Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. | |||||
| CVE-2017-8332 | 1 Securifi | 6 Almond, Almond\+, Almond\+firmware and 3 more | 2019-06-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web management interface. It seems that the device does not implement any cross-site scripting protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a stored cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface. | |||||
| CVE-2019-12830 | 1 Mybb | 1 Mybb | 2019-06-20 | 3.5 LOW | 8.7 HIGH |
| In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue. | |||||
| CVE-2019-0130 | 1 Intel | 1 Rapid Storage Technology Enterprise | 2019-06-17 | 4.3 MEDIUM | 7.4 HIGH |
| Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2019-11982 | 1 Hp | 39 Integrated Lights-out 4 Firmware, Integrated Lights-out 5 Firmware, Proliant Bl460c Gen10 and 36 more | 2019-06-07 | 7.6 HIGH | 8.3 HIGH |
| A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39. | |||||
| CVE-2018-14575 | 1 Mybb | 1 Trash Bin | 2019-03-26 | 6.8 MEDIUM | 8.8 HIGH |
| Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject. | |||||
| CVE-2016-1000118 | 1 Huge-it | 1 Slideshow | 2018-05-02 | 6.5 MEDIUM | 7.2 HIGH |
| XSS & SQLi in HugeIT slideshow v1.0.4 | |||||
| CVE-2016-1000119 | 1 Huge-it | 1 Catalog | 2018-05-02 | 6.5 MEDIUM | 7.2 HIGH |
| SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | |||||
| CVE-2016-1000115 | 1 Huge-it | 1 Portfolio Gallery Manager | 2017-11-13 | 6.5 MEDIUM | 7.2 HIGH |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
| CVE-2016-2512 | 1 Djangoproject | 1 Django | 2017-09-08 | 4.3 MEDIUM | 7.4 HIGH |
| The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. | |||||
| CVE-2017-7666 | 1 Apache | 1 Openmeetings | 2017-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | |||||
| CVE-2017-2683 | 1 Siemens | 1 Ruggedcom Network Management Software | 2017-07-17 | 4.3 MEDIUM | 8.2 HIGH |
| A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions. | |||||
| CVE-2016-1000116 | 1 Huge-it | 1 Portfolio Gallery Manager | 2017-03-28 | 6.5 MEDIUM | 7.2 HIGH |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
| CVE-2016-8356 | 1 Kabona Ab | 1 Webdatorcentral | 2017-02-16 | 4.3 MEDIUM | 8.2 HIGH |
| An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. | |||||
| CVE-2016-1000117 | 1 Huge-it | 1 Slideshow | 2017-01-06 | 6.5 MEDIUM | 7.2 HIGH |
| XSS & SQLi in HugeIT slideshow v1.0.4 | |||||
| CVE-2016-6641 | 1 Emc | 1 Vipr Srm | 2016-11-28 | 3.5 LOW | 7.6 HIGH |
| Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
