Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4016 | 1 Sap | 1 Java As | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295. | |||||
| CVE-2016-2387 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571. | |||||
| CVE-2018-18952 | 1 Jeecms | 1 Jeecms | 2018-12-10 | 3.5 LOW | 4.8 MEDIUM |
| JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. | |||||
| CVE-2018-18733 | 1 Catfish-cms | 1 Catfish Cms | 2018-12-07 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999. | |||||
| CVE-2018-18736 | 1 Catfish-cms | 1 Catfish Blog | 2018-12-07 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in catfish blog 2.0.33, related to "write source code." | |||||
| CVE-2018-19051 | 1 Metinfo | 1 Metinfo | 2018-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. | |||||
| CVE-2018-19050 | 1 Metinfo | 1 Metinfo | 2018-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. | |||||
| CVE-2018-19835 | 1 Metinfo | 1 Metinfo | 2018-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. | |||||
| CVE-2018-17782 | 1 Mantisbt | 1 Mantisbt | 2018-12-07 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | |||||
| CVE-2018-17783 | 1 Mantisbt | 1 Mantisbt | 2018-12-07 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | |||||
| CVE-2018-18694 | 1 Monstra | 1 Monstra | 2018-12-06 | 3.5 LOW | 4.8 MEDIUM |
| admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases. | |||||
| CVE-2018-15712 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | |||||
| CVE-2018-15713 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | |||||
| CVE-2018-15714 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | |||||
| CVE-2018-12246 | 1 Symantec | 1 Web Isolation | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine. | |||||
| CVE-2018-18548 | 1 Ajenti | 1 Ajenticp | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. | |||||
| CVE-2018-18551 | 1 Serverscheck | 1 Monitoring Software | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. | |||||
| CVE-2018-18840 | 1 Sem-cms | 1 Semcms | 2018-12-06 | 3.5 LOW | 5.4 MEDIUM |
| XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. | |||||
| CVE-2018-18783 | 1 Sem-cms | 1 Semcms | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. | |||||
| CVE-2018-18841 | 1 Sem-cms | 1 Semcms | 2018-12-06 | 3.5 LOW | 4.8 MEDIUM |
| XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. | |||||
| CVE-2018-18517 | 1 Citrix | 1 Netscaler Gateway Firmware | 2018-12-06 | 3.5 LOW | 4.8 MEDIUM |
| Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | |||||
| CVE-2018-18635 | 1 Mailcleaner | 1 Mailcleaner | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | |||||
| CVE-2018-18720 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5. | |||||
| CVE-2018-18721 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5. | |||||
| CVE-2018-18723 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5. | |||||
| CVE-2018-18722 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5. | |||||
| CVE-2018-18724 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5. | |||||
| CVE-2018-18725 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5. | |||||
| CVE-2018-12901 | 1 Mitel | 2 St, St Firmware | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2018-18621 | 1 Communigate | 1 Communigate Pro | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension. | |||||
| CVE-2018-18726 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5. | |||||
| CVE-2018-18745 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing. | |||||
| CVE-2018-18743 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI. | |||||
| CVE-2018-18741 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing. | |||||
| CVE-2018-18744 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI. | |||||
| CVE-2018-18738 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter. | |||||
| CVE-2018-18739 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field. | |||||
| CVE-2018-18740 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI. | |||||
| CVE-2015-4631 | 1 Koha | 1 Koha | 2018-12-04 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl. | |||||
| CVE-2018-18622 | 1 Bijiadao | 1 Waimai Super Cms | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. | |||||
| CVE-2018-18290 | 1 Nconsulting | 1 Nc-cms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| ** DISPUTED ** An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality. | |||||
| CVE-2018-18291 | 1 Asus | 2 Rt-ac58u, Rt-ac58u Firmware | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp. | |||||
| CVE-2018-18324 | 1 Centos-webpanel | 1 Centos Web Panel | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter. | |||||
| CVE-2018-18416 | 1 Pokkho | 1 Lango | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. | |||||
| CVE-2018-18553 | 1 Leanote | 1 Leanote | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. | |||||
| CVE-2018-15315 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. | |||||
| CVE-2018-15314 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | |||||
| CVE-2018-18547 | 1 Vestacp | 1 Control Panel | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. | |||||
| CVE-2018-18636 | 1 D-link | 2 Dsl-2640t, Dsl-2640t Firmware | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. | |||||
| CVE-2018-18478 | 1 Librenms | 1 Librenms | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. | |||||