Total
29264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3726 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. | |||||
| CVE-2018-9120 | 1 Crea8social | 1 Crea8social | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. | |||||
| CVE-2018-7543 | 1 Snapcreek | 1 Duplicator | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter. | |||||
| CVE-2017-5466 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2018-8979 | 1 Open-audit | 1 Open-audit | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. | |||||
| CVE-2018-6796 | 1 Multilanguage Real Estate Mlm Script Project | 1 Multilanguage Real Estate Mlm Script | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. | |||||
| CVE-2018-12655 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. | |||||
| CVE-2018-10806 | 1 Frogcms Project | 1 Frogcms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF. | |||||
| CVE-2018-11223 | 1 Pandorafms | 1 Artica Pandora Fms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. | |||||
| CVE-2017-1277 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752. | |||||
| CVE-2017-18091 | 1 Atlassian | 2 Crucible, Fisheye | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| The admin backupprogress action in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the filename of a backup. | |||||
| CVE-2018-9987 | 1 Zulip | 1 Zulip Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications. | |||||
| CVE-2018-10109 | 1 Monstra | 1 Monstra | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. | |||||
| CVE-2018-1000508 | 1 Wpulike | 1 Ulike | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can. This attack appear to be exploitable via Admin must visit logs page. This vulnerability appears to have been fixed in 3.2. | |||||
| CVE-2018-5175 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-9986 | 1 Zulip | 1 Zulip Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. | |||||
| CVE-2018-1142 | 1 Tenable | 1 Appliance | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Utilizing a specially crafted request, an authenticated attacker could potentially execute arbitrary JavaScript code by manipulating certain URL parameters related to offline plugins. | |||||
| CVE-2018-13849 | 1 Instagram-clone Project | 1 Instagram-clone | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace. | |||||
| CVE-2018-7057 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter. | |||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | |||||