Total: 29085 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-0583 | 1 Asus | 2 Rt-ac1200hp, Rt-ac1200hp Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2017-18084 | 1 Atlassian | 1 Confluence | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
The usermacros resource in Atlassian Confluence Server before version 6.3.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the description of a macro. | |||||
CVE-2017-1652 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263. | |||||
CVE-2018-0944 | 1 Microsoft | 2 Project Server, Sharepoint Enterprise Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947. | |||||
CVE-2018-13409 | 1 Jirafeau | 1 Jirafeau | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | |||||
CVE-2018-5773 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag. | |||||
CVE-2018-7564 | 1 Polycom | 2 Qdx 6000, Qdx 6000 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Stored XSS exists on Polycom QDX 6000 devices. | |||||
CVE-2018-0328 | 1 Cisco | 1 Unified Communications Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116. | |||||
CVE-2018-1000144 | 1 Jenkins | 1 Cucumber Living Documentation | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users. | |||||
CVE-2018-8903 | 1 Open-audit | 1 Open-audit | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. | |||||
CVE-2017-5800 | 1 Hp | 1 Operations Bridge Analytics | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found. | |||||
CVE-2018-9857 | 1 Match Clone Script Project | 1 Match Clone Script | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen). | |||||
CVE-2018-3747 | 1 Public.js Project | 1 Public.js | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The public node module versions <= 1.0.3 allow embedding HTML in file names, which (in certain conditions) might lead to execution of malicious JavaScript. | |||||
CVE-2018-10810 | 1 Livezilla | 1 Livezilla | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. | |||||
CVE-2018-11650 | 1 Graylog | 1 Graylog | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. | |||||
CVE-2018-9337 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | |||||
CVE-2018-6866 | 1 Learning And Examination Management System Script Project | 1 Learning And Examination Management System Script | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. | |||||
CVE-2018-13339 | 1 Angular Redactor Project | 1 Angular Redactor | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. | |||||
CVE-2018-8832 | 1 Enhavo | 1 Enhavo | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page. | |||||
CVE-2017-11175 | 1 Siemens | 1 Fin Stack | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login. |