Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18635 | 1 Mailcleaner | 1 Mailcleaner | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | |||||
| CVE-2018-18720 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5. | |||||
| CVE-2018-18721 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5. | |||||
| CVE-2018-18722 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5. | |||||
| CVE-2018-18723 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5. | |||||
| CVE-2018-18724 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5. | |||||
| CVE-2018-18725 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5. | |||||
| CVE-2018-12901 | 1 Mitel | 2 St, St Firmware | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2018-18621 | 1 Communigate | 1 Communigate Pro | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension. | |||||
| CVE-2018-18726 | 1 Yunucms | 1 Yunucms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5. | |||||
| CVE-2018-18745 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing. | |||||
| CVE-2018-18743 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI. | |||||
| CVE-2018-18741 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing. | |||||
| CVE-2018-18744 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI. | |||||
| CVE-2018-18738 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter. | |||||
| CVE-2018-18739 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field. | |||||
| CVE-2018-18740 | 1 Sem-cms | 1 Semcms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI. | |||||
| CVE-2015-4631 | 1 Koha | 1 Koha | 2018-12-04 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to inject arbitrary web script or HTML via the (1) tag parameter to opac-search.pl; the (2) value parameter to authorities/authorities-home.pl; the (3) delay parameter to acqui/lateorders.pl; the (4) authtypecode or (5) tagfield to admin/auth_subfields_structure.pl; the (6) tagfield parameter to admin/marc_subfields_structure.pl; the (7) limit parameter to catalogue/search.pl; the (8) bookseller_filter, (9) callnumber_filter, (10) EAN_filter, (11) ISSN_filter, (12) publisher_filter, or (13) title_filter parameter to serials/serials-search.pl; or the (14) author, (15) collectiontitle, (16) copyrightdate, (17) isbn, (18) manageddate_from, (19) manageddate_to, (20) publishercode, (21) suggesteddate_from, or (22) suggesteddate_to parameter to suggestion/suggestion.pl; or the (23) direction, (24) display or (25) addshelf parameter to opac-shelves.pl. | |||||
| CVE-2018-18622 | 1 Bijiadao | 1 Waimai Super Cms | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. | |||||
| CVE-2018-18290 | 1 Nconsulting | 1 Nc-cms | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| ** DISPUTED ** An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality. | |||||
| CVE-2018-18291 | 1 Asus | 2 Rt-ac58u, Rt-ac58u Firmware | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp. | |||||
| CVE-2018-18324 | 1 Centos-webpanel | 1 Centos Web Panel | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter. | |||||
| CVE-2018-18416 | 1 Pokkho | 1 Lango | 2018-12-04 | 3.5 LOW | 4.8 MEDIUM |
| LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. | |||||
| CVE-2018-18553 | 1 Leanote | 1 Leanote | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. | |||||
| CVE-2018-15315 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. | |||||
| CVE-2018-15314 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | |||||
| CVE-2012-4533 | 2 Debian, Viewvc | 2 Debian Linux, Viewvc | 2018-12-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line. | |||||
| CVE-2018-18547 | 1 Vestacp | 1 Control Panel | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. | |||||
| CVE-2018-18636 | 1 D-link | 2 Dsl-2640t, Dsl-2640t Firmware | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. | |||||
| CVE-2018-18478 | 1 Librenms | 1 Librenms | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. | |||||
| CVE-2018-18417 | 1 Creativeitem | 1 Ekushey Project Manager | 2018-12-04 | 3.5 LOW | 5.4 MEDIUM |
| In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. | |||||
| CVE-2018-18419 | 1 Ardawan | 1 User Management | 2018-12-04 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | |||||
| CVE-2018-18608 | 1 Dedecms | 1 Dedecms | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | |||||
| CVE-2018-18437 | 1 Axiositalia | 1 Registro Elettronico | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. | |||||
| CVE-2018-18540 | 1 Teakki | 1 Teakki | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. | |||||
| CVE-2018-15313 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | |||||
| CVE-2018-15703 | 1 Advantech | 1 Webaccess | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2018-18578 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | |||||
| CVE-2018-18782 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. | |||||
| CVE-2018-18781 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | |||||
| CVE-2018-18579 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | |||||
| CVE-2018-18361 | 1 Nconsulting | 1 Nc-cms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element. | |||||
| CVE-2018-15312 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. | |||||
| CVE-2018-18372 | 1 Kaasoft | 1 Library Cms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter. | |||||
| CVE-2014-6071 | 1 Jquery | 1 Jquery | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. | |||||
| CVE-2018-17964 | 1 Aryanic | 1 Highportal | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aryanic HighPortal 12.5 has XSS via an Add Tags action. | |||||
| CVE-2018-15969 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15970 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15971 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15972 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
