Total: 29080 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-3818 | 1 Elastic | 1 Kibana | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
CVE-2018-9928 | 1 Metinfo | 1 Metinfo | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | |||||
CVE-2018-6528 | 2 D-link, Dlink | 6 Dir-860l Firmware, Dir-860l, Dir-865l and 3 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. | |||||
CVE-2017-1315 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727. | |||||
CVE-2015-7423 | 1 Ibm | 1 Infosphere Master Data Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771. | |||||
CVE-2018-11715 | 1 Recent Threads Project | 1 Recent Threads | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. | |||||
CVE-2018-10364 | 1 Bigtreecms | 1 Bigtree Cms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
BigTree before 4.2.22 has XSS in the Users management page via the name or company field. | |||||
CVE-2018-5962 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | |||||
CVE-2018-3755 | 1 Sexstatic Project | 1 Sexstatic | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in sexstatic <=0.6.2: HTML injection in directory name(s) leads to Stored XSS when a malicious file is embedded with an <iframe> element used in the directory name. | |||||
CVE-2018-6212 | 2 D-link, Dlink | 2 Dir-620 Firmware, Dir-620 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of the XMLHttpRequest object. | |||||
CVE-2018-10311 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI. | |||||
CVE-2018-6845 | 1 Olx Clone Script Project | 1 Olx Clone Script | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field. | |||||
CVE-2018-7976 | 1 Huawei | 1 Espace Desktop | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop versions V300R001C00 and V300R001C50. Due to insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. | |||||
CVE-2018-9183 | 1 Joomsky | 1 Js Jobs | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. | |||||
CVE-2018-11649 | 1 Gethue | 1 Hue | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Hue 3.12 has XSS via the /pig/save/ name and script parameters. | |||||
CVE-2018-10136 | 1 Iscripts | 1 Uberforx | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. | |||||
CVE-2018-6001 | 1 Webartisan | 1 Soundy Audio Playlist | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). | |||||
CVE-2018-0201 | 1 Cisco | 1 Jabber | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. Cisco Bug IDs: CSCve54001. | |||||
CVE-2018-9104 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
CVE-2014-8780 | 1 Jease | 1 Jease | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note. |