Total
37725 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12652 | 1 Myadrenalin | 1 Adrenalin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. | |||||
| CVE-2018-12651 | 1 Myadrenalin | 1 Human Resource Management Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. | |||||
| CVE-2018-12650 | 1 Myadrenalin | 1 Human Resource Management Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. | |||||
| CVE-2018-12638 | 1 Bose | 1 Soundtouch | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. | |||||
| CVE-2018-12627 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. | |||||
| CVE-2018-12626 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. | |||||
| CVE-2018-12625 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. | |||||
| CVE-2018-12624 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter. | |||||
| CVE-2018-12623 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. | |||||
| CVE-2018-12622 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter. | |||||
| CVE-2018-12611 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite 7.8.4 and earlier allows Directory Traversal. | |||||
| CVE-2018-12607 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. | |||||
| CVE-2018-12606 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. | |||||
| CVE-2018-12605 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter. | |||||
| CVE-2018-12588 | 1 Public Knowledge Project | 1 Open Monograph Press | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field). | |||||
| CVE-2018-12587 | 1 German Spelling Dictionary Project | 1 German Spelling Dictionary | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar. | |||||
| CVE-2018-12581 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. | |||||
| CVE-2018-12580 | 1 Dragonbyte-tech | 1 Vbsecurity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature. | |||||
| CVE-2018-12501 | 1 Nagios | 1 Fusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | |||||
| CVE-2018-12480 | 1 Microfocus | 1 Access Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. | |||||