Total
29263 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11559 | 1 Domainmod | 1 Domainmod | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. | |||||
CVE-2018-0340 | 1 Cisco | 1 Unified Communications Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvj00512. | |||||
CVE-2018-6870 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. | |||||
CVE-2018-7721 | 1 Metinfo | 1 Metinfo | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. | |||||
CVE-2017-18097 | 1 Atlassian | 1 Jira | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. | |||||
CVE-2018-9036 | 1 Checksec | 1 Canopy | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users. | |||||
CVE-2018-1351 | 1 Fortinet | 1 Fortimanager | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows an attacker to execute HTML/JavaScript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. | |||||
CVE-2018-11105 | 1 3cx | 1 Live Chat | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864. | |||||
CVE-2017-13073 | 1 Qnap | 1 Photo Station | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2018-1229 | 1 Pivotal Software | 1 Spring Batch Admin | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because Spring Batch Admin has reached end of life. | |||||
CVE-2018-1441 | 1 Ibm | 1 Monitoring | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.3 and 8.1.4) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139597. | |||||
CVE-2018-13252 | 1 Entrustdatacard | 1 Syntera Customization Suite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | |||||
CVE-2016-0344 | 1 Ibm | 1 Tririga Application Platform | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785. | |||||
CVE-2017-18259 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. | |||||
CVE-2017-12098 | 1 Rails Admin Project | 1 Rails Admin | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. | |||||
CVE-2018-12099 | 2 Grafana, Netapp | 3 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | |||||
CVE-2018-0869 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | |||||
CVE-2018-0357 | 1 Cisco | 1 Webex Meetings | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi71274. | |||||
CVE-2018-10297 | 1 Discuz | 1 Discuzx | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. | |||||
CVE-2018-5521 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. |