Total
29270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0093 | 1 Cisco | 1 Web Security Appliance | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf37392. | |||||
| CVE-2018-1000088 | 1 Doorkeeper Project | 1 Doorkeeper | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0. | |||||
| CVE-2018-5307 | 1 Sonatype | 1 Nexus Repository Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. | |||||
| CVE-2016-8522 | 1 Hp | 1 Diagnostics | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found. | |||||
| CVE-2018-6357 | 1 Acurax | 1 Social Media Widget | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | |||||
| CVE-2017-18086 | 1 Atlassian | 1 Confluence | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter. | |||||
| CVE-2017-16019 | 1 Gitbook | 1 Gitbook | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader. | |||||
| CVE-2018-10135 | 1 Iscripts | 1 Eswap | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. | |||||
| CVE-2018-11709 | 1 Gvectors | 1 Wpforo Forum | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. | |||||
| CVE-2018-11501 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-02-04 | 6.0 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. | |||||
| CVE-2018-11647 | 1 Oauth2orize-fprm Project | 1 Oauth2orize-fprm | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. | |||||
| CVE-2018-10430 | 1 Dilicms | 1 Dilicms | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php. | |||||
| CVE-2018-0145 | 1 Cisco | 1 Data Center Analytics Framework | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the affected system. Cisco Bug IDs: CSCvg45105. | |||||
| CVE-2017-7438 | 1 Netiq | 1 Privileged Account Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter. | |||||
| CVE-2018-1000521 | 1 Bigtreecms | 1 Bigtree Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users.. This attack appear to be exploitable via no. This vulnerability appears to have been fixed in after commit b652cfdc14d0670c81ac4401ad5a04376745c279. | |||||
| CVE-2018-10301 | 1 Web-dorado | 1 Wd Instagram Feed | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post. | |||||
| CVE-2018-12656 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. | |||||
| CVE-2018-10817 | 1 Severalnines | 1 Clustercontrol | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Severalnines ClusterControl before 1.6.0-4699 allows XSS. | |||||
| CVE-2018-11326 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack. | |||||
| CVE-2018-8915 | 1 Synology | 1 Calendar | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter. | |||||