Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19820 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19821 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19822 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. | |||||
| CVE-2018-19765 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters. | |||||
| CVE-2018-19771 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPool.jsp" has reflected XSS via the PropName parameter. | |||||
| CVE-2018-19769 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "UserProperties.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19768 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "SubPagePackages.jsp" has reflected XSS via the ConnPoolName and GroupId parameters. | |||||
| CVE-2018-19766 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "GroupRessourceAdmin.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19649 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19809 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter. | |||||
| CVE-2018-19810 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via the ConnPoolName, GroupId, or type parameter. | |||||
| CVE-2018-19814 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. | |||||
| CVE-2018-19819 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19816 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19815 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19813 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. | |||||
| CVE-2018-19812 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via the GroupId parameter. | |||||
| CVE-2018-19811 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19770 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Users.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19774 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the GroupId and ConnPoolName parameters. | |||||
| CVE-2018-19772 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters. | |||||
| CVE-2018-19775 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Variables.jsp" has reflected XSS via the ConnPoolName and GroupId parameters. | |||||
| CVE-2018-9554 | 1 Google | 1 Android | 2019-01-02 | 2.1 LOW | 5.5 MEDIUM |
| In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654. | |||||
| CVE-2018-18362 | 1 Symantec | 1 Norton Password Manager | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2018-11067 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2019-01-02 | 5.8 MEDIUM | 6.1 MEDIUM |
| Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
| CVE-2018-17949 | 1 Microfocus | 1 Imanager | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting vulnerability in iManager prior to 3.1 SP2. | |||||
| CVE-2018-11750 | 1 Puppet | 1 Cisco Ios Module | 2019-01-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default. | |||||
| CVE-2018-19927 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2019-01-02 | 3.5 LOW | 4.8 MEDIUM |
| Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. | |||||
| CVE-2018-19926 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. | |||||
| CVE-2018-11077 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2018-12-31 | 7.2 HIGH | 6.7 MEDIUM |
| 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. | |||||
| CVE-2018-19630 | 1 Openwrt | 2 Lede, Openwrt | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. | |||||
| CVE-2018-0679 | 1 Fxc | 20 Ae1021, Ae1021 Firmware, Ae1021pe and 17 more | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page. | |||||
| CVE-2018-19301 | 1 Tp4a | 1 Teleport | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. | |||||
| CVE-2018-17952 | 1 Microfocus | 1 Edirectory | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | |||||
| CVE-2018-16226 | 1 Mitel | 1 Mivoice Office 400 | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information. | |||||
| CVE-2018-3696 | 1 Intel | 1 Raid Web Console 3 | 2018-12-31 | 2.1 LOW | 5.5 MEDIUM |
| Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. | |||||
| CVE-2018-3699 | 1 Intel | 1 Raid Web Console 3 | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access. | |||||
| CVE-2018-19133 | 1 Flarum | 1 Flarum | 2018-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. | |||||
| CVE-2018-19842 | 1 Radare | 1 Radare2 | 2018-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. | |||||
| CVE-2018-19843 | 1 Radare | 1 Radare2 | 2018-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. | |||||
| CVE-2018-20461 | 1 Radare | 1 Radare2 | 2018-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file. | |||||
| CVE-2018-20456 | 1 Radare | 1 Radare2 | 2018-12-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455. | |||||
| CVE-2018-17256 | 1 Umbraco | 1 Umbraco Cms | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content. | |||||
| CVE-2018-20012 | 1 Phpcmf | 1 Phpcmf | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. | |||||
| CVE-2018-19919 | 1 Pixelimity | 1 Pixelimity | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | |||||
| CVE-2018-19849 | 1 Yzmcms | 1 Yzmcms | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. | |||||
| CVE-2018-20476 | 1 S-cms | 1 S-cms | 2018-12-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter. | |||||
| CVE-2018-7115 | 2 Hp, Microsoft | 2 Intelligent Management Center, Windows | 2018-12-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions. | |||||
| CVE-2018-1002006 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-30 | 3.5 LOW | 4.8 MEDIUM |
| These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes | |||||
| CVE-2017-16910 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2018-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition. | |||||