Total
37706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11557 | 1 Yiban | 1 Easy Class Education Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter. | |||||
| CVE-2018-11553 | 1 Sgin | 1 Xiangyun Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. | |||||
| CVE-2018-11552 | 1 Nch | 1 Axon Pbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. | |||||
| CVE-2018-11532 | 1 Changuondyu Advanced Statistics Project | 1 Changuondyu Advanced Statistics | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. | |||||
| CVE-2018-11522 | 1 Yosoro Project | 1 Yosoro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Yosoro 1.0.4 has stored XSS. | |||||
| CVE-2018-11512 | 1 Creatiwity | 1 Witycms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general. | |||||
| CVE-2018-11501 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. | |||||
| CVE-2018-11487 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. | |||||
| CVE-2018-11486 | 1 Multidots | 1 Advance Search For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page. | |||||
| CVE-2018-11485 | 1 Multidots | 1 Woocommerce Quick Reports | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order. | |||||
| CVE-2018-11473 | 1 Monstra | 1 Monstra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration). | |||||
| CVE-2018-11472 | 1 Monstra | 1 Monstra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php). | |||||
| CVE-2018-11471 | 1 Getcockpit | 1 Cockpit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cockpit 0.5.5 has XSS via a collection, form, or region. | |||||
| CVE-2018-11450 | 1 Siemens | 1 Teamcenter Product Lifecycle Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected. | |||||
| CVE-2018-11448 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-11443 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. | |||||
| CVE-2018-11430 | 1 Moderator Log Notes Project | 1 Moderator Log Notes | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea. | |||||
| CVE-2018-11415 | 1 Sap | 1 Internet Transaction Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. | |||||
| CVE-2018-11404 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. | |||||
| CVE-2018-11403 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. | |||||