Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7649 | 1 Fibranet | 1 Monitorix | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Monitorix before 3.10.1 allows XSS via CGI variables. | |||||
| CVE-2018-14497 | 1 Tendacn | 2 D152, D152 Firmware | 2018-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Tenda D152 ADSL routers allow XSS via a crafted SSID. | |||||
| CVE-2016-1592 | 1 Netiq | 1 Identity Manager | 2018-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | |||||
| CVE-2015-0787 | 1 Netiq | 1 Identity Manager | 2018-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. | |||||
| CVE-2018-14776 | 1 Clickstudios | 1 Passwordstate | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document. | |||||
| CVE-2018-14541 | 1 Readymadeb2bscript | 1 Basic B2b | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. | |||||
| CVE-2017-6213 | 1 Paypal | 1 Php Invoice Sdk | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. | |||||
| CVE-2017-6215 | 1 Paypal | 1 Php Permissions Sdk | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. | |||||
| CVE-2018-14873 | 1 Rincewind Project | 1 Rincewind | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php. | |||||
| CVE-2018-14904 | 1 Samsung | 1 Syncthru Web Service | 2018-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung Syncthru Web Service V4.05.61 is vulnerable to multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. | |||||
| CVE-2018-14877 | 1 Weaselcms Project | 1 Weaselcms | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. | |||||
| CVE-2018-14936 | 1 Mylittleforum | 1 My Little Forum | 2018-09-27 | 3.5 LOW | 4.8 MEDIUM |
| The Add page option in my little forum 2.4.12 allows XSS via the Title field. | |||||
| CVE-2018-14937 | 1 Mylittleforum | 1 My Little Forum | 2018-09-27 | 3.5 LOW | 4.8 MEDIUM |
| The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. | |||||
| CVE-2018-14905 | 1 3cx | 1 3cx Web Server | 2018-09-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. | |||||
| CVE-2018-14906 | 1 3cx | 1 3cx Web Server | 2018-09-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. | |||||
| CVE-2018-16772 | 1 Hoosk | 1 Hoosk | 2018-09-24 | 3.5 LOW | 4.8 MEDIUM |
| Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. | |||||
| CVE-2018-16773 | 1 Easycms | 1 Easycms | 2018-09-24 | 3.5 LOW | 4.8 MEDIUM |
| EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. | |||||
| CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2018-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | |||||
| CVE-2018-0654 | 1 Weseek | 1 Growi | 2018-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. | |||||
| CVE-2018-0655 | 1 Weseek | 1 Growi | 2018-09-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. | |||||
| CVE-2018-0653 | 1 Weseek | 1 Growi | 2018-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. | |||||
| CVE-2018-0652 | 1 Weseek | 1 Growi | 2018-09-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. | |||||
| CVE-2018-14430 | 1 Mondula | 1 Multi Step Form | 2018-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php. | |||||
| CVE-2018-1999016 | 1 Pydio | 1 Pydio | 2018-09-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. This attack appears to be exploitable via the victim opening a specially crafted URL. This vulnerability appears to have been fixed in version 8.2.1. | |||||
| CVE-2018-1999024 | 1 Mathjax | 1 Mathjax | 2018-09-19 | 4.3 MEDIUM | 5.4 MEDIUM |
| MathJax versions prior to 2.7.4 contain a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in potentially untrusted JavaScript running within a web browser. This attack appears to be exploitable when the victim views a page where untrusted content is processed using MathJax. This vulnerability appears to have been fixed in 2.7.4 and later. | |||||
| CVE-2018-1999021 | 1 Gleeztech | 1 Gleezcms | 2018-09-19 | 3.5 LOW | 5.4 MEDIUM |
| Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in the Profile page that can result in injection of arbitrary web script or HTML via the profile page editor. This attack appears to be exploitable when the victim navigates to the attacker's profile page. | |||||
| CVE-2018-14527 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2018-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements). | |||||
| CVE-2018-14606 | 1 Gitlab | 1 Gitlab | 2018-09-18 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. | |||||
| CVE-2018-14604 | 1 Gitlab | 1 Gitlab | 2018-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline. | |||||
| CVE-2018-14605 | 1 Gitlab | 1 Gitlab | 2018-09-18 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. | |||||
| CVE-2017-18343 | 1 Sensiolabs | 1 Symfony | 2018-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar. | |||||
| CVE-2018-1529 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2018-09-18 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291. | |||||
| CVE-2018-14415 | 1 Icmsdev | 1 Icms | 2018-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. | |||||
| CVE-2018-5232 | 1 Atlassian | 1 Jira | 2018-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter. | |||||
| CVE-2018-14422 | 1 Sanscms | 1 Sanscms | 2018-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| blog/index.php in SansCMS 0.7 has XSS via the q parameter. | |||||
| CVE-2018-13387 | 1 Atlassian | 1 Jira | 2018-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. | |||||
| CVE-2018-14380 | 1 Graylog | 1 Graylog | 2018-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts. | |||||
| CVE-2018-12429 | 1 Jeesns | 1 Jeesns | 2018-09-14 | 3.5 LOW | 5.4 MEDIUM |
| JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. | |||||
| CVE-2018-14082 | 1 Freelancewebdesignerchennai | 1 Job Portal | 2018-09-14 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | |||||
| CVE-2018-14513 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | |||||
| CVE-2018-14517 | 1 Seacms | 1 Seacms | 2018-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields. | |||||
| CVE-2018-14419 | 1 Metinfo | 1 Metinfo | 2018-09-14 | 3.5 LOW | 4.8 MEDIUM |
| MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | |||||
| CVE-2018-14392 | 1 Mybb | 1 New Threads | 2018-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| The New Threads plugin before 1.2 for MyBB has XSS. | |||||
| CVE-2018-13832 | 1 Techotronic | 1 All In One Favicon | 2018-09-13 | 3.5 LOW | 4.8 MEDIUM |
| Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text. | |||||
| CVE-2017-17541 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2018-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. | |||||
| CVE-2018-5229 | 1 Atlassian | 1 Universal Plugin Manager | 2018-09-12 | 3.5 LOW | 5.4 MEDIUM |
| The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. | |||||
| CVE-2018-14388 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-09-12 | 3.5 LOW | 5.4 MEDIUM |
| joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. | |||||
| CVE-2018-14382 | 1 Instantcms | 1 Instantcms | 2018-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| InstantCMS 2.10.1 has /redirect?url= XSS. | |||||
| CVE-2018-13865 | 1 Idreamsoft | 1 Icms | 2018-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. | |||||
| CVE-2018-1000611 | 1 Openconext | 1 Openconext Engineblock | 2018-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appears to be exploitable via the victim opening a specially crafted URL. | |||||
