Total: 29286 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-7277 | 1 Rletech | 4 Fds-wi, Fds-wi Firmware, Wi-mgr and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP. | |||||
CVE-2018-7274 | 1 Quarx Cms Project | 1 Quarx Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). | |||||
CVE-2018-7265 | 1 Shimmie2 Project | 1 Shimmie2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS. | |||||
CVE-2018-7261 | 1 Radiantcms | 1 Radiant Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields). | |||||
CVE-2018-7260 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2018-7205 | 1 Kentico | 1 Kentico Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout. | |||||
CVE-2018-7203 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. | |||||
CVE-2018-7198 | 1 Octobercms | 1 October | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. | |||||
CVE-2018-7197 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. | |||||
CVE-2018-7196 | 1 Osticket | 1 Osticket | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. | |||||
CVE-2018-7193 | 1 Osticket | 1 Osticket | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | |||||
CVE-2018-7192 | 1 Osticket | 1 Osticket | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | |||||
CVE-2018-7188 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. | |||||
CVE-2018-7057 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter. | |||||
CVE-2018-7049 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request. | |||||
CVE-2018-7035 | 1 Gleezcms | 1 Gleez Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action. | |||||
CVE-2018-6958 | 1 Vmware | 1 Vrealize Automation | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. | |||||
CVE-2018-6944 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
CVE-2018-6943 | 1 Ultimatemember | 1 Ultimatemember | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
CVE-2018-6940 | 1 Nat32 | 1 Nat32 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF. |