Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-5375 | 1 Discuz | 1 Discuzx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. |
| CVE-2018-5370 | 1 Bizlogicdev | 1 Xnami | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI. |
| CVE-2018-5369 | 1 Srbtranslatin Project | 1 Srbtranslatin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter. |
| CVE-2018-5367 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php. |
| CVE-2018-5366 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php. |
| CVE-2018-5365 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php. |
| CVE-2018-5364 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php. |
| CVE-2018-5363 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php. |
| CVE-2018-5362 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php. |
| CVE-2018-5331 | 1 Discuz | 1 Discuzx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. |
| CVE-2018-5316 | 1 Patsatech | 1 Sagepay Server Gateway For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. |
| CVE-2018-5312 | 1 Wpshopmart | 1 Tabs Responsive | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php. |
| CVE-2018-5311 | 1 Tonjoostudio | 1 Easy Custom Auto Excerpt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI. |
| CVE-2018-5307 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. |
| CVE-2018-5306 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. |
| CVE-2018-5303 | 1 Impinj | 2 R420 Rfid Reader, R420 Rfid Reader Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows an attacker to send malicious code to another user. |
| CVE-2018-5293 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. |
| CVE-2018-5292 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. |
| CVE-2018-5288 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. |
| CVE-2018-5286 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. |
| CVE-2018-5284 | 1 Wpscoop | 1 Imageinject | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. |
| CVE-2018-5281 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. |
| CVE-2018-5280 | 1 Sonicwall | 8 Nsa 250m, Nsa 2600, Nsa 2650 and 5 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. |
| CVE-2018-5263 | 1 Stackideas | 1 Easydiscuss | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS. |
| CVE-2018-5249 | 1 Shaarli Project | 1 Shaarli | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). |
| CVE-2018-5233 | 1 Getgrav | 1 Grav Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools. |
| CVE-2018-5232 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter. |
| CVE-2018-5230 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified. |
| CVE-2018-5229 | 1 Atlassian | 1 Universal Plugin Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. |
| CVE-2018-5228 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers. |
| CVE-2018-5227 | 1 Atlassian | 1 Application Links | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. |
| CVE-2018-5216 | 1 Radiantcms | 1 Radiant Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. |
| CVE-2018-5215 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. |
| CVE-2018-5214 | 1 Add Link To Facebook Project | 1 Add Link To Facebook | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php. |
| CVE-2018-5213 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. |
| CVE-2018-5212 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. |
| CVE-2018-5175 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. |
| CVE-2018-5172 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60. |
| CVE-2018-5164 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60. |
| CVE-2018-5143 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59. |