Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2466 | 1 Sap | 1 Data Services | 2018-11-23 | 3.5 LOW | 5.4 MEDIUM |
| In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-18029 | 1 Naviwebs | 1 Navigate Cms | 2018-11-23 | 3.5 LOW | 5.4 MEDIUM |
| Navigate CMS has Stored XSS via the navigate.php Title field in an edit action. | |||||
| CVE-2018-18082 | 1 Bijiadao | 1 Waimai Super Cms | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. | |||||
| CVE-2018-18198 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request. | |||||
| CVE-2018-17441 | 1 D-link | 1 Central Wifimanager | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | |||||
| CVE-2018-18199 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mediamanager in REDAXO before 5.6.4 has XSS. | |||||
| CVE-2018-18210 | 1 Dilicms | 1 Dilicms | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. | |||||
| CVE-2018-18209 | 1 Dilicms | 1 Dilicms | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. | |||||
| CVE-2018-0657 | 2 Ec-cube, Gmo-pg | 3 Ec-cube, Ec-cube Payment Module, Gmo-pg Payment Module | 2018-11-20 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-16456 | 1 Phpscriptsmall | 1 Website Seller Script | 2018-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature. | |||||
| CVE-2018-16326 | 1 Phpscriptsmall | 1 Olx Clone | 2018-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Olx Clone 3.4.2 has XSS. | |||||
| CVE-2018-16453 | 1 Domain Lookup Script Project | 1 Domain Lookup Script | 2018-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar. | |||||
| CVE-2018-16050 | 1 Gitlab | 1 Gitlab | 2018-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View. | |||||
| CVE-2018-17849 | 1 Naviwebs | 1 Navigate Cms | 2018-11-19 | 3.5 LOW | 5.4 MEDIUM |
| Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload. | |||||
| CVE-2015-9273 | 1 Wp-slimstat | 1 Slimstat Analytics | 2018-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking. | |||||
| CVE-2018-17946 | 1 Tribulant | 1 Slideshow Gallery | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. | |||||
| CVE-2018-17876 | 1 Web-feet | 1 Coaster Cms | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product. | |||||
| CVE-2018-17947 | 1 Atmist | 1 Snazzy Maps | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter. | |||||
| CVE-2018-17886 | 1 Jeesns | 1 Jeesns | 2018-11-16 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429. | |||||
| CVE-2018-17596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | |||||
| CVE-2018-17595 | 1 Fork-cms | 1 Fork Cms | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. | |||||
| CVE-2018-17868 | 1 Dasan | 2 H660gw, H660gw Firmware | 2018-11-16 | 3.5 LOW | 4.8 MEDIUM |
| DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. | |||||
| CVE-2018-9081 | 1 Lenovo | 40 Ez Media & Backup Center, Ez Media & Backup Center Firmware, Ix2 and 37 more | 2018-11-16 | 2.6 LOW | 4.7 MEDIUM |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file names used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting (self-XSS). As a result, adversaries can add files to shares accessible from the Content Viewer with a cross-site scripting payload in the name, and wait for a user to try to rename the file for the payload to trigger. | |||||
| CVE-2018-17884 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php. | |||||
| CVE-2018-12806 | 1 Adobe | 1 Experience Manager | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-5005 | 1 Adobe | 1 Experience Manager | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-11581 | 1 Brother | 4 Hl-l2340d, Hl-l2340d Firmware, Hl-l2380dw and 1 more | 2018-11-16 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. | |||||
| CVE-2018-18938 | 1 Wuzhicms | 1 Wuzhi Cms | 2018-11-16 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. | |||||
| CVE-2018-15365 | 1 Trendmicro | 1 Deep Discovery Inspector | 2018-11-16 | 3.5 LOW | 5.4 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability. | |||||
| CVE-2018-18939 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-11-15 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | |||||
| CVE-2018-17835 | 1 Get-simple | 1 Getsimple Cms | 2018-11-15 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. | |||||
| CVE-2018-17587 | 1 Airties | 2 Air 5750, Air 5750 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17830 | 1 Redaxo | 1 Redaxo | 2018-11-15 | 3.5 LOW | 5.4 MEDIUM |
| The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. | |||||
| CVE-2018-17589 | 1 Airties | 2 Air 5650, Air 5650 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17588 | 1 Airties | 2 Air 5021, Air 5021 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17591 | 1 Airties | 2 Air 5343v2, Air 5343v2 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17590 | 1 Airties | 2 Air 5442, Air 5442 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17593 | 1 Airties | 2 Air 5453, Air 5453 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17594 | 1 Airties | 2 Air 5443v2, Air 5443v2 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17310 | 1 Ricoh | 2 Mp C1803 Jpn, Mp C1803 Jpn Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17312 | 1 Ricoh | 2 Aficio Mp 301spf, Aficio Mp 301spf Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17314 | 1 Ricoh | 2 Mp 305+, Mp 305+ Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17311 | 1 Ricoh | 2 Mp C6503, Mp C6503 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17313 | 1 Ricoh | 2 Mp C307, Mp C307 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17316 | 1 Ricoh | 2 Mp C6003, Mp C6003 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17309 | 1 Ricoh | 2 Mp C406z, Mp C406zspf Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17315 | 1 Ricoh | 2 Mp C2003, Mp C2003sp Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17571 | 1 Vanillaforums | 1 Vanilla | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vanilla before 2.6.1 allows XSS via the email field of a profile. | |||||
| CVE-2018-6051 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| XSS Auditor in Google Chrome prior to 64.0.3282.119 did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. | |||||
| CVE-2018-17053 | 1 Progress | 1 Sitefinity Cms | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054. | |||||
