Total: 29256 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10547 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | |||||
CVE-2017-1486 | 1 Ibm | 1 Cognos Business Intelligence | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128624. | |||||
CVE-2018-6362 | 1 Ehcp | 1 Easy Hosting Control Panel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie. | |||||
CVE-2017-7634 | 1 Qnap | 2 Media Streaming Add-on, Qts | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page. | |||||
CVE-2018-2397 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | |||||
CVE-2018-7278 | 1 Rletech | 4 Fds-pc, Fds-pc-dp, Fds-pc-dp Firmware and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP. | |||||
CVE-2018-10095 | 1 Dolibarr | 1 Dolibarr | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | |||||
CVE-2018-9172 | 1 Iptanus | 1 Wordpress File Upload | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. | |||||
CVE-2018-6844 | 1 Mybb | 1 Mybb | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. | |||||
CVE-2018-11651 | 1 Graylog | 1 Graylog | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx. | |||||
CVE-2018-10138 | 1 Catalooksupport | 1 .netstore | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter. | |||||
CVE-2018-7724 | 1 Piwigo | 1 Piwigo | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible. | |||||
CVE-2016-9903 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1. | |||||
CVE-2018-7786 | 1 Schneider-electric | 1 U.motion Builder | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. | |||||
CVE-2018-9235 | 1 Iscripts | 1 Sonicbb | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. | |||||
CVE-2017-1506 | 1 Ibm | 1 Cognos Tm1 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617. | |||||
CVE-2018-8720 | 1 Servicenow | 1 It Service Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do). | |||||
CVE-2018-10379 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability. | |||||
CVE-2018-1187 | 1 Dell | 1 Emc Isilon | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
CVE-2018-10110 | 2 D-link, Dlink | 2 Dir-615 T1 Firmware, Dir-615 T1 | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
D-Link DIR-615 T1 devices allow XSS via the Add User feature. |