Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-6864 | 1 Multireligion Responsive Matrimonial Project | 1 Multireligion Responsive Matrimonial | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. |
| CVE-2018-6862 | 1 Bitcoin Mlm Project | 1 Bitcoin Mlm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. |
| CVE-2018-6861 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter. |
| CVE-2018-6858 | 1 Facebook Clone Script Project | 1 Facebook Clone Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. |
| CVE-2018-6845 | 1 Olx Clone Script Project | 1 Olx Clone Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field. |
| CVE-2018-6844 | 1 Mybb | 1 Mybb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen. |
| CVE-2018-6834 | 1 Etherpad | 1 Etherpad Lite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href. |
| CVE-2018-6824 | 1 Cozy | 1 Cozy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"[email protected]"' request, which can be followed by a password reset. |
| CVE-2018-6811 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface. |
| CVE-2018-6796 | 1 Multilanguage Real Estate Mlm Script Project | 1 Multilanguage Real Estate Mlm Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. |
| CVE-2018-6795 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field. |
| CVE-2018-6682 | 1 Mcafee | 1 True Key | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site. |
| CVE-2018-6681 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface. |
| CVE-2018-6659 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 3.5 LOW | 3.7 LOW | Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. |
| CVE-2018-6655 | 1 Doctor Search Script Project | 1 Doctor Search Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. |
| CVE-2018-6643 | 1 Infoblox | 1 Netmri | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. |
| CVE-2018-6603 | 1 Promise | 1 Webpam Proe | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. |
| CVE-2018-6590 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. |
| CVE-2018-6588 | 1 Ca | 1 Api Developer Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. |
| CVE-2018-6587 | 1 Ca | 1 Api Developer Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. |
| CVE-2018-6586 | 1 Ca | 1 Api Developer Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. |
| CVE-2018-6561 | 1 Dojotoolkit | 1 Dojo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. |
| CVE-2018-6550 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. |
| CVE-2018-6545 | 1 Ipswitch | 1 Moveit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks. |
| CVE-2018-6529 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. |
| CVE-2018-6528 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. |
| CVE-2018-6527 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. |
| CVE-2018-6518 | 1 Compo | 1 Composr Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. |
| CVE-2018-6511 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. |
| CVE-2018-6510 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. |
| CVE-2018-6506 | 1 Minibb | 1 Minibb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field. |
| CVE-2018-6502 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS). |
| CVE-2018-6495 | 1 Microfocus | 3 Cms Server, Universal Cmdb, Universal Cmdb Browser | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). |
| CVE-2018-6492 | 1 Hp | 2 Network Automation, Network Operations Management Ultimate | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM | Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. |
| CVE-2018-6469 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php. |
| CVE-2018-6468 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php. |
| CVE-2018-6466 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php. |
| CVE-2018-6465 | 1 Wp-property-hive | 1 Propertyhive | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. |
| CVE-2018-6464 | 1 Mycolorway | 1 Simditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1. |
| CVE-2018-6449 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers. |