Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18417 | 1 Creativeitem | 1 Ekushey Project Manager | 2018-12-04 | 3.5 LOW | 5.4 MEDIUM |
| In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. | |||||
| CVE-2018-18419 | 1 Ardawan | 1 User Management | 2018-12-04 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | |||||
| CVE-2018-18608 | 1 Dedecms | 1 Dedecms | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | |||||
| CVE-2018-18437 | 1 Axiositalia | 1 Registro Elettronico | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. | |||||
| CVE-2018-18540 | 1 Teakki | 1 Teakki | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. | |||||
| CVE-2018-15313 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | |||||
| CVE-2018-15703 | 1 Advantech | 1 Webaccess | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2018-18578 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | |||||
| CVE-2018-18782 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. | |||||
| CVE-2018-18781 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | |||||
| CVE-2018-18579 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | |||||
| CVE-2018-18361 | 1 Nconsulting | 1 Nc-cms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element. | |||||
| CVE-2018-15312 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. | |||||
| CVE-2018-18372 | 1 Kaasoft | 1 Library Cms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter. | |||||
| CVE-2014-6071 | 1 Jquery | 1 Jquery | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. | |||||
| CVE-2018-17964 | 1 Aryanic | 1 Highportal | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aryanic HighPortal 12.5 has XSS via an Add Tags action. | |||||
| CVE-2018-15970 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15969 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15971 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15972 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15973 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-18460 | 1 Wp-livechat | 1 Wp Live Chat Support | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | |||||
| CVE-2018-15538 | 1 Agentejo | 1 Cockpit | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. | |||||
| CVE-2018-17533 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. | |||||
| CVE-2018-18431 | 1 Destoon | 1 Destoon B2b | 2018-11-29 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI. | |||||
| CVE-2018-18430 | 1 Destoon | 1 Destoon B2b | 2018-11-29 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI. | |||||
| CVE-2018-18433 | 1 Destoon | 1 Destoon B2b | 2018-11-29 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI. | |||||
| CVE-2018-18774 | 1 Centos-webpanel | 1 Centos Web Panel | 2018-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. | |||||
| CVE-2017-5934 | 4 Canonical, Debian, Moinmo and 1 more | 4 Ubuntu Linux, Debian Linux, Moinmoin and 1 more | 2018-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-11559 | 1 Domainmod | 1 Domainmod | 2018-11-29 | 3.5 LOW | 5.4 MEDIUM |
| DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. | |||||
| CVE-2018-11558 | 1 Domainmod | 1 Domainmod | 2018-11-29 | 3.5 LOW | 5.4 MEDIUM |
| DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. | |||||
| CVE-2018-17337 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. | |||||
| CVE-2018-18270 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||
| CVE-2018-18282 | 1 Zeit | 1 Next.js | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. | |||||
| CVE-2018-18296 | 1 Metinfo | 1 Metinfo | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. | |||||
| CVE-2018-18259 | 1 Luya | 1 Luya Cms | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page. | |||||
| CVE-2018-18271 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||
| CVE-2018-18062 | 1 Tecrail | 1 Responsive Filemanager | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-18374 | 1 Metinfo | 1 Metinfo | 2018-11-27 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. | |||||
| CVE-2018-8488 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2018-11-27 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8498, CVE-2018-8518. | |||||
| CVE-2018-18208 | 1 Virtualmin | 1 Virtualmin | 2018-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI. | |||||
| CVE-2018-15903 | 1 Claromentis | 1 Claromentis | 2018-11-26 | 3.5 LOW | 5.4 MEDIUM |
| The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context. | |||||
| CVE-2018-2470 | 1 Sap | 1 Netweaver | 2018-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-18087 | 1 Bixie | 1 Portfolio | 2018-11-24 | 3.5 LOW | 5.4 MEDIUM |
| The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}. | |||||
| CVE-2018-2472 | 1 Sap | 1 Businessobjects Bi Platform | 2018-11-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2479 | 1 Sap | 1 Businessobjects Bi Platform | 2018-11-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2016-4003 | 1 Apache | 1 Struts | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter. | |||||
| CVE-2015-5169 | 1 Apache | 1 Struts | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | |||||
| CVE-2018-17443 | 1 D-link | 1 Central Wifimanager | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. | |||||
| CVE-2018-18069 | 1 Wpml | 1 Wpml | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. | |||||