Total
29271 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-4842 | 1 Siemens | 6 Scalance X200, Scalance X200 Firmware, Scalance X200 Irt and 3 more | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it. | |||||
CVE-2018-12355 | 1 Eng | 1 Knowage | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. | |||||
CVE-2018-12272 | 1 Ximdex | 1 Ximdex | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
xowl/request.php in Ximdex 4.0 has XSS via the content parameter. | |||||
CVE-2018-0612 | 1 5000 Trillion Yen Converter Project | 1 5000 Trillion Yen Converter | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-6013 | 1 Bigtreecms | 1 Bigtree Cms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote user to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php. | |||||
CVE-2018-10994 | 1 Signal | 1 Signal-desktop | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. | |||||
CVE-2018-0537 | 1 Qqq Systems Project | 1 Qqq Systems | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi. | |||||
CVE-2018-0913 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | |||||
CVE-2018-10075 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | |||||
CVE-2018-7290 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. | |||||
CVE-2018-2399 | 1 Sap | 1 Process Monitoring Infrastructure | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | |||||
CVE-2018-1507 | 1 Ibm | 1 Rational Doors Next Generation | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141415. | |||||
CVE-2018-8899 | 1 Identityserver | 1 Identityserver4 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. | |||||
CVE-2018-5228 | 1 Atlassian | 2 Crucible, Fisheye | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers. | |||||
CVE-2018-5961 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | |||||
CVE-2017-18098 | 1 Atlassian | 1 Jira | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. | |||||
CVE-2017-1000506 | 1 Mautic | 1 Mautic | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of JavaScript code. | |||||
CVE-2018-9844 | 1 Iptanus | 1 Wordpress File Upload | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. | |||||
CVE-2017-14800 | 1 Netiq | 1 Access Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allow code injection into pages of authenticated users. | |||||
CVE-2018-6495 | 1 Microfocus | 3 Cms Server, Universal Cmdb, Universal Cmdb Browser | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). |