Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14976 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. | |||||
| CVE-2018-14975 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. | |||||
| CVE-2018-14974 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. | |||||
| CVE-2018-14972 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. | |||||
| CVE-2018-14973 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. | |||||
| CVE-2018-14970 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS. | |||||
| CVE-2018-14971 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS. | |||||
| CVE-2018-14969 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS. | |||||
| CVE-2018-14504 | 1 Mantisbt | 1 Mantisbt | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)'). | |||||
| CVE-2018-14777 | 1 Dleviet | 1 Datalife Engine | 2018-10-02 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users. | |||||
| CVE-2018-0614 | 1 Necplatforms | 16 Calsos Csdj-a, Calsos Csdj-a Firmware, Calsos Csdj-b and 13 more | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-14927 | 1 Matera | 1 Banco | 2018-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. | |||||
| CVE-2018-14929 | 1 Matera | 1 Banco | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. | |||||
| CVE-2016-3124 | 1 Simplesamlphp | 1 Simplesamlphp | 2018-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. | |||||
| CVE-2016-9955 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2018-10-02 | 4.0 MEDIUM | 6.3 MEDIUM |
| The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. | |||||
| CVE-2018-14924 | 1 Matera | 1 Banco | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. | |||||
| CVE-2018-1999031 | 1 Jenkins | 1 Meliora Testlab | 2018-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration. | |||||
| CVE-2018-1999029 | 1 Jenkins | 1 Shelve Project | 2018-10-01 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
| CVE-2018-11044 | 1 Pivotal Software | 1 Pivotal Application Service | 2018-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email. | |||||
| CVE-2018-12944 | 1 Seeddms | 1 Seeddms | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field. | |||||
| CVE-2018-14835 | 1 Subrion | 1 Subrion Cms | 2018-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. | |||||
| CVE-2018-14838 | 1 Rejucms Project | 1 Rejucms | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| rejucms 2.1 has stored XSS via the admin/book.php content parameter. | |||||
| CVE-2018-12939 | 1 Seeddms | 1 Seeddms | 2018-09-28 | 5.5 MEDIUM | 6.5 MEDIUM |
| A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940. | |||||
| CVE-2018-14686 | 1 Xycms Project | 1 Xycms | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_book.php. | |||||
| CVE-2018-7649 | 1 Fibranet | 1 Monitorix | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Monitorix before 3.10.1 allows XSS via CGI variables. | |||||
| CVE-2018-14497 | 1 Tendacn | 2 D152, D152 Firmware | 2018-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Tenda D152 ADSL routers allow XSS via a crafted SSID. | |||||
| CVE-2015-0787 | 1 Netiq | 1 Identity Manager | 2018-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. | |||||
| CVE-2016-1592 | 1 Netiq | 1 Identity Manager | 2018-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | |||||
| CVE-2018-14776 | 1 Clickstudios | 1 Passwordstate | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document. | |||||
| CVE-2018-14541 | 1 Readymadeb2bscript | 1 Basic B2b | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. | |||||
| CVE-2017-6213 | 1 Paypal | 1 Php Invoice Sdk | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. | |||||
| CVE-2017-6215 | 1 Paypal | 1 Php Permissions Sdk | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. | |||||
| CVE-2018-14873 | 1 Rincewind Project | 1 Rincewind | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php. | |||||
| CVE-2018-14904 | 1 Samsung | 1 Syncthru Web Service | 2018-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. | |||||
| CVE-2018-14877 | 1 Weaselcms Project | 1 Weaselcms | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. | |||||
| CVE-2018-14936 | 1 Mylittleforum | 1 My Little Forum | 2018-09-27 | 3.5 LOW | 4.8 MEDIUM |
| The Add page option in my little forum 2.4.12 allows XSS via the Title field. | |||||
| CVE-2018-14937 | 1 Mylittleforum | 1 My Little Forum | 2018-09-27 | 3.5 LOW | 4.8 MEDIUM |
| The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. | |||||
| CVE-2018-14906 | 1 3cx | 1 3cx Web Server | 2018-09-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. | |||||
| CVE-2018-14905 | 1 3cx | 1 3cx Web Server | 2018-09-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. | |||||
| CVE-2018-16772 | 1 Hoosk | 1 Hoosk | 2018-09-24 | 3.5 LOW | 4.8 MEDIUM |
| Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. | |||||
| CVE-2018-16773 | 1 Easycms | 1 Easycms | 2018-09-24 | 3.5 LOW | 4.8 MEDIUM |
| EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. | |||||
| CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2018-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | |||||
| CVE-2018-0654 | 1 Weseek | 1 Growi | 2018-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. | |||||
| CVE-2018-0655 | 1 Weseek | 1 Growi | 2018-09-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. | |||||
| CVE-2018-0653 | 1 Weseek | 1 Growi | 2018-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. | |||||
| CVE-2018-0652 | 1 Weseek | 1 Growi | 2018-09-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. | |||||
| CVE-2017-18104 | 1 Atlassian | 1 Jira | 2018-09-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query. | |||||
| CVE-2018-1999015 | 1 Ffmpeg | 1 Ffmpeg | 2018-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later. | |||||
| CVE-2018-1999020 | 1 Opennetworking | 1 Onos | 2018-09-20 | 5.8 MEDIUM | 5.5 MEDIUM |
| Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appear to be exploitable via a specially crafted zip file should be uploaded. | |||||
| CVE-2018-1999013 | 1 Ffmpeg | 1 Ffmpeg | 2018-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. | |||||