Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5124 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
|
|||||
| CVE-2018-5078 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.
|
|||||
| CVE-2018-5077 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.
|
|||||
| CVE-2018-5076 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.
|
|||||
| CVE-2018-5075 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.
|
|||||
| CVE-2018-5074 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.
|
|||||
| CVE-2018-5072 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.
|
|||||
| CVE-2018-5071 | 1 Cobham | 2 Sea Tel 116, Sea Tel 116 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP.
|
|||||
| CVE-2018-5005 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-4941 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
|
|||||
| CVE-2018-4940 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
|
|||||
| CVE-2018-4931 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-4930 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-4929 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-4876 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.
|
|||||
| CVE-2018-4875 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM.
|
|||||
| CVE-2018-4848 | 1 Siemens | 6 Scalance X-200, Scalance X-200 Firmware, Scalance X-200 Irt and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked i ...
|
|||||
| CVE-2018-4842 | 1 Siemens | 6 Scalance X200, Scalance X200 Firmware, Scalance X200 Irt and 3 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visi ...
|
|||||
| CVE-2018-4377 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
|
|||||
| CVE-2018-4374 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
|
|||||
| CVE-2018-4345 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
|
|||||
| CVE-2018-4309 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
|
|||||
| CVE-2018-4133 | 3 Apple, Canonical, Webkitgtk | 3 Safari, Ubuntu Linux, Webkitgtk\+ | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
|||||
| CVE-2018-4065 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.
|
|||||
| CVE-2018-3830 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
|
|||||
| CVE-2018-3824 | 1 Elastic | 3 Elasticsearch X-pack, Kibana X-pack, Logstash X-pack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.
|
|||||
| CVE-2018-3823 | 1 Elastic | 3 Elasticsearch X-pack, Kibana X-pack, Logstash X-pack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.
|
|||||
| CVE-2018-3821 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
|
|||||
| CVE-2018-3820 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
|
|||||
| CVE-2018-3818 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
|
|||||
| CVE-2018-3781 | 1 Nextcloud | 1 Talk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
|
|||||
| CVE-2018-3780 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
|
|||||
| CVE-2018-3773 | 1 Metascraper Project | 1 Metascraper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the `metascrape` npm module <= 3.9.2.
|
|||||
| CVE-2018-3771 | 1 Statics-server Project | 1 Statics-server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS in statics-server <= 0.0.9 can be used via an injected iframe in the filename when statics-server displays a directory index in the browser.
|
|||||
| CVE-2018-3769 | 1 Ruby-grape | 1 Grape | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter.
|
|||||
| CVE-2018-3764 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.
|
|||||
| CVE-2018-3763 | 1 Nextcloud | 1 Calendar | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.
|
|||||
| CVE-2018-3755 | 1 Sexstatic Project | 1 Sexstatic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s), which leads to stored XSS when a malicious file is embedded with an <iframe> element used in the directory name.
|
|||||
| CVE-2018-3748 | 1 Glance Project | 1 Glance | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. A file name that contains malicious HTML (e.g. an embedded iframe element or a javascript: pseudo-protocol handler in an <a> element) allows execution of JavaScript code against any user who opens a directory listing containing such a crafted file name.
|
|||||
| CVE-2018-3747 | 1 Public.js Project | 1 Public.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The public node module versions <= 1.0.3 allow embedding HTML in file names, which (in certain conditions) might lead to execution of malicious JavaScript.
|
|||||