Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-6447 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account. |
| CVE-2018-6380 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. |
| CVE-2018-6379 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. |
| CVE-2018-6378 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. |
| CVE-2018-6377 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox. |
| CVE-2018-6362 | 1 Ehcp | 1 Easy Hosting Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie. |
| CVE-2018-6361 | 1 Ehcp | 1 Easy Hosting Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account. |
| CVE-2018-6357 | 1 Acurax | 1 Social Media Widget | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. |
| CVE-2018-6355 | 1 Iball | 2 Ib-wrb302n, Ib-wrb302n Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter. |
| CVE-2018-6354 | 1 Formspree | 1 Formspree | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. |
| CVE-2018-6313 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. |
| CVE-2018-6291 | 1 Kaspersky | 1 Secure Mail Gateway | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. |
| CVE-2018-6227 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems. |
| CVE-2018-6226 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems. |
| CVE-2018-6212 | 2 D-link, Dlink | 2 Dir-620 Firmware, Dir-620 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of the XMLHttpRequest object. |
| CVE-2018-6194 | 1 Splashing Images Project | 1 Splashing Images | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php. |
| CVE-2018-6193 | 1 Routers2 Project | 1 Routers2 | 2024-11-21 | 2.6 LOW | 4.7 MEDIUM | A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl. |
| CVE-2018-6190 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. |
| CVE-2018-6189 | 1 F-secure | 1 Radar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue. |
| CVE-2018-6182 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one can create own packets of POST data containing bad content with which to hit the server. |
| CVE-2018-6145 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
| CVE-2018-6128 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| CVE-2018-6081 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page. |
| CVE-2018-6076 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page. |
| CVE-2018-6070 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. |
| CVE-2018-6051 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | XSS Auditor in Google Chrome prior to 64.0.3282.119 did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. |
| CVE-2018-6013 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to inject arbitrary web script or HTML via the directory parameter. This issue exists in core/admin/ajax/developer/extensions/file-browser.php. |
| CVE-2018-6010 | 1 Yiiframework | 1 Yiiframework | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php. |
| CVE-2018-6002 | 1 Webartisan | 1 Soundy Background Music | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). |
| CVE-2018-6001 | 1 Webartisan | 1 Soundy Audio Playlist | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). |
| CVE-2018-5967 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. |
| CVE-2018-5965 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. |
| CVE-2018-5964 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. |
| CVE-2018-5963 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. |
| CVE-2018-5962 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. |
| CVE-2018-5961 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. |
| CVE-2018-5950 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Mailman and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. |
| CVE-2018-5799 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. |
| CVE-2018-5798 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. |
| CVE-2018-5776 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). |