Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17256 | 1 Umbraco | 1 Umbraco Cms | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content. | |||||
| CVE-2018-20012 | 1 Phpcmf | 1 Phpcmf | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. | |||||
| CVE-2018-19919 | 1 Pixelimity | 1 Pixelimity | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | |||||
| CVE-2018-19849 | 1 Yzmcms | 1 Yzmcms | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. | |||||
| CVE-2018-20476 | 1 S-cms | 1 S-cms | 2018-12-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter. | |||||
| CVE-2018-1002006 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-30 | 3.5 LOW | 4.8 MEDIUM |
| These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via the POST request variable classes. | |||||
| CVE-2018-20017 | 1 Sem-cms | 1 Semcms | 2018-12-28 | 3.5 LOW | 4.8 MEDIUM |
| SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. | |||||
| CVE-2018-7810 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2018-12-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on. | |||||
| CVE-2018-1002005 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-28 | 3.5 LOW | 4.8 MEDIUM |
| These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. | |||||
| CVE-2018-19750 | 1 Domainmod | 1 Domainmod | 2018-12-27 | 3.5 LOW | 5.4 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. | |||||
| CVE-2018-1002007 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via the POST request variable html_id. | |||||
| CVE-2018-1002008 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via the GET request offset variable. | |||||
| CVE-2018-1002004 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002003 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002002 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002001 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002009 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via a GET request to the email variable. | |||||
| CVE-2018-12480 | 1 Microfocus | 1 Access Manager | 2018-12-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. | |||||
| CVE-2018-19877 | 1 Adiscon | 1 Loganalyzer | 2018-12-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. | |||||
| CVE-2018-11348 | 1 Yunohost | 1 Yunohost | 2018-12-27 | 3.5 LOW | 5.4 MEDIUM |
| Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session. | |||||
| CVE-2018-19693 | 1 Tp5cms Project | 1 Tp5cms | 2018-12-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter. | |||||
| CVE-2018-19785 | 1 Php-proxy | 1 Php-proxy | 2018-12-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php. | |||||
| CVE-2018-19527 | 1 I4 | 1 Ai Si Assistant | 2018-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. | |||||
| CVE-2018-0716 | 1 Qnap | 1 Qts | 2018-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application. | |||||
| CVE-2018-13323 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2018-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. | |||||
| CVE-2018-19794 | 1 Internet2 | 1 Grouper | 2018-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in UiV2Public.index in Internet2 Grouper 2.2 and 2.3 allows remote attackers to inject arbitrary web script or HTML via the code parameter. | |||||
| CVE-2018-13022 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2018-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. | |||||
| CVE-2018-18642 | 1 Gitlab | 1 Gitlab | 2018-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. | |||||
| CVE-2018-19892 | 1 Domainmod | 1 Domainmod | 2018-12-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. | |||||
| CVE-2018-19749 | 1 Domainmod | 1 Domainmod | 2018-12-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field. | |||||
| CVE-2018-19751 | 1 Domainmod | 1 Domainmod | 2018-12-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. | |||||
| CVE-2018-19752 | 1 Domainmod | 1 Domainmod | 2018-12-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. | |||||
| CVE-2018-19913 | 1 Domainmod | 1 Domainmod | 2018-12-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. | |||||
| CVE-2018-12310 | 1 Asustor | 2 As602t, Data Master | 2018-12-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. | |||||
| CVE-2018-12311 | 1 Asustor | 2 As602t, Data Master | 2018-12-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. | |||||
| CVE-2018-12305 | 1 Asustor | 1 Data Master | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. | |||||
| CVE-2018-13360 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. | |||||
| CVE-2018-14704 | 1 Drobo | 2 5n2, 5n2 Firmware | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path. | |||||
| CVE-2018-13317 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm. | |||||
| CVE-2018-13331 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | |||||
| CVE-2018-14698 | 1 Drobo | 2 5n2, 5n2 Firmware | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. | |||||
| CVE-2018-14697 | 1 Drobo | 2 5n2, 5n2 Firmware | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter. | |||||
| CVE-2018-13357 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. | |||||
| CVE-2018-16096 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting. | |||||
| CVE-2018-13351 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | |||||
| CVE-2018-13349 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. | |||||
| CVE-2018-13335 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | |||||
| CVE-2018-13333 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | |||||
| CVE-2018-13329 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | |||||
| CVE-2018-13334 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | |||||
