Total: 29255 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10213 | 1 Vaultize | 1 Enterprise File Sharing | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it. | |||||
CVE-2018-12658 | 1 Slims Project | 1 Slims | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. | |||||
CVE-2018-3716 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names. | |||||
CVE-2018-0864 | 1 Microsoft | 1 Sharepoint Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability". | |||||
CVE-2018-11450 | 1 Siemens | 1 Teamcenter Product Lifecycle Management | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected. | |||||
CVE-2018-2371 | 1 Sap | 1 Netweaver Java Web Application | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2018-1408 | 1 Ibm | 1 Rational Team Concert | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138446. | |||||
CVE-2018-9236 | 1 Iscripts | 1 Easycreate | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field. | |||||
CVE-2017-1772 | 1 Ibm | 1 Mobilefirst Platform Foundation | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786. | |||||
CVE-2018-4930 | 1 Adobe | 1 Experience Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2018-12696 | 1 Mao10 | 1 Mao10cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
mao10cms 6 allows XSS via the article page. | |||||
CVE-2017-2745 | 1 Hp | 1 Jetadvantage Security Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser. | |||||
CVE-2017-7823 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-02-04 | 4.3 MEDIUM | 5.4 MEDIUM |
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
CVE-2018-1000095 | 1 Redhat | 1 Ovirt-engine | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3. | |||||
CVE-2018-9237 | 1 Iscripts | 1 Easycreate | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field. | |||||
CVE-2018-0511 | 1 Meowapps | 1 Wp Retina 2x | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-13000 | 1 Anelectron | 1 Advanced Electron Forum | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges. | |||||
CVE-2018-11404 | 1 Domainmod | 1 Domainmod | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. | |||||
CVE-2017-1532 | 1 Ibm | 1 Rational Doors | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM DOORS 9.5 and 9.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411. | |||||
CVE-2018-11588 | 1 Centreon | 2 Centreon, Centreon Web | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. |