Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1588 | 1 Open-xchange | 2 Open-xchange Appsuite, Open-xchange Server | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. | |||||
| CVE-2014-2045 | 1 Viprinet | 2 Multichannel Vpn Router 300, Multichannel Vpn Router 300 Firmware | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. | |||||
| CVE-2014-2297 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4. | |||||
| CVE-2014-2710 | 1 Oliver Project | 1 Oliver | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php). | |||||
| CVE-2018-15184 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2018-10-09 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795. | |||||
| CVE-2016-8527 | 1 Hp | 1 Airwave | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser. | |||||
| CVE-2018-15190 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2018-10-06 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. | |||||
| CVE-2018-15189 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. | |||||
| CVE-2018-14503 | 1 Coremail | 1 Coremail Xt | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
| CVE-2018-14837 | 1 Wolfcms | 1 Wolf Cms | 2018-10-05 | 3.5 LOW | 4.8 MEDIUM |
| Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. | |||||
| CVE-2016-4392 | 1 Hp | 1 Business Service Management | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. | |||||
| CVE-2018-15182 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. | |||||
| CVE-2018-15130 | 1 Thinksaas | 1 Thinksaas | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. | |||||
| CVE-2017-8991 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2018-7075 | 1 Hp | 1 Intelligent Management Center | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. | |||||
| CVE-2018-15129 | 1 Thinksaas | 1 Thinksaas | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
| ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. | |||||
| CVE-2018-15169 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. | |||||
| CVE-2016-4400 | 1 Hp | 1 Network Node Manager I | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
| CVE-2016-4399 | 1 Hp | 1 Network Node Manager I | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
| CVE-2018-12943 | 1 Seeddms | 1 Seeddms | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2018-13055 | 1 Mantisbt | 1 Mantisbt | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | |||||
| CVE-2016-4406 | 1 Hp | 3 Integrated Lights-out, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44. | |||||
| CVE-2018-14964 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page. | |||||
| CVE-2018-14962 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. | |||||
| CVE-2017-12614 | 1 Apache | 1 Airflow | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above. | |||||
| CVE-2018-14869 | 1 Php Template Store Script Project | 1 Php Template Store Script | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile. | |||||
| CVE-2018-15199 | 1 Auracms | 1 Auracms | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
| AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. | |||||
| CVE-2018-1155 | 1 Tenable | 1 Securitycenter | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
| In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue. | |||||
| CVE-2018-12606 | 1 Gitlab | 1 Gitlab | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. | |||||
| CVE-2018-12607 | 1 Gitlab | 1 Gitlab | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. | |||||
| CVE-2018-12605 | 1 Gitlab | 1 Gitlab | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter. | |||||
| CVE-2018-14977 | 1 Q-cms | 1 Qcms | 2018-10-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. | |||||
| CVE-2018-14975 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. | |||||
| CVE-2018-14976 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. | |||||
| CVE-2018-14974 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. | |||||
| CVE-2018-14973 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. | |||||
| CVE-2018-14972 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. | |||||
| CVE-2018-14970 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS. | |||||
| CVE-2018-14971 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS. | |||||
| CVE-2018-14969 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS. | |||||
| CVE-2018-14504 | 1 Mantisbt | 1 Mantisbt | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)'). | |||||
| CVE-2018-14777 | 1 Dleviet | 1 Datalife Engine | 2018-10-02 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users. | |||||
| CVE-2018-0614 | 1 Necplatforms | 16 Calsos Csdj-a, Calsos Csdj-a Firmware, Calsos Csdj-b and 13 more | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-14929 | 1 Matera | 1 Banco | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. | |||||
| CVE-2018-14924 | 1 Matera | 1 Banco | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. | |||||
| CVE-2018-1999029 | 1 Jenkins | 1 Shelve Project | 2018-10-01 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
| CVE-2018-12944 | 1 Seeddms | 1 Seeddms | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field. | |||||
| CVE-2018-14835 | 1 Subrion | 1 Subrion Cms | 2018-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. | |||||
| CVE-2018-14838 | 1 Rejucms Project | 1 Rejucms | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| rejucms 2.1 has stored XSS via the admin/book.php content parameter. | |||||
| CVE-2018-14686 | 1 Xycms Project | 1 Xycms | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_book.php. | |||||