Total
29268 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10382 | 1 Modx | 1 Modx Revolution | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
MODX Revolution 2.6.3 has XSS. | |||||
CVE-2018-11472 | 1 Monstra | 1 Monstra | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php). | |||||
CVE-2018-11553 | 1 Sgin | 1 Xiangyun Platform | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. | |||||
CVE-2018-11572 | 1 Clippercms | 1 Clippercms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI. | |||||
CVE-2018-1415 | 1 Ibm | 1 Maximo Asset Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821. | |||||
CVE-2018-11522 | 1 Yosoro Project | 1 Yosoro | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Yosoro 1.0.4 has stored XSS. | |||||
CVE-2018-11581 | 1 Brother | 4 Hl-l2340d, Hl-l2340d Firmware, Hl-l2380dw and 1 more | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. | |||||
CVE-2018-10102 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. | |||||
CVE-2018-12255 | 1 Invoiceplane | 1 Invoiceplane | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field. | |||||
CVE-2018-6380 | 1 Joomla | 1 Joomla! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. | |||||
CVE-2017-1608 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928. | |||||
CVE-2018-10165 | 1 Tp-link | 1 Eap Controller | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. | |||||
CVE-2018-0356 | 1 Cisco | 1 Webex Meetings | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi63757. | |||||
CVE-2018-1000536 | 1 Getmedis | 1 Medis | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Medis version 0.6.1 and earlier contains an XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of the running application. This attack appears to be exploitable via Victim is synchronizing data from the redis server which contains malicious key value. | |||||
CVE-2018-7894 | 1 Eramba | 1 Eramba | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter (aka the Search Parameter). | |||||
CVE-2018-6464 | 1 Mycolorway | 1 Simditor | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1. | |||||
CVE-2018-8948 | 1 Misp-project | 1 Misp | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. | |||||
CVE-2018-9015 | 1 Dsmall Project | 1 Dsmall | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box). | |||||
CVE-2018-10029 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. | |||||
CVE-2018-11689 | 2 Hanwha-security, Samsung | 19 Hrd-1641, Hrd-1641 Firmware, Hrd-1642 and 16 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.) |