Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3741 | 1 Rubyonrails | 1 Html Sanitizer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
|
|||||
| CVE-2018-3740 | 1 Sanitize Project | 1 Sanitize | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
|
|||||
| CVE-2018-3735 | 1 Bracket-template Project | 1 Bracket-template | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template
|
|||||
| CVE-2018-3726 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
|
|||||
| CVE-2018-3717 | 1 Sencha | 1 Connect | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
|
|||||
| CVE-2018-3716 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
|
|||||
| CVE-2018-3699 | 1 Intel | 1 Raid Web Console 3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access.
|
|||||
| CVE-2018-2505 | 1 Sap | 1 Hybris | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).
|
|||||
| CVE-2018-2504 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.
|
|||||
| CVE-2018-2502 | 1 Sap | 1 Business One On Hana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
|
|||||
| CVE-2018-2486 | 1 Sap | 2 Marketing Sapscore, Marketing Uicuan | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2479 | 1 Sap | 1 Businessobjects Bi Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2472 | 1 Sap | 1 Businessobjects Bi Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2470 | 1 Sap | 1 Netweaver | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2466 | 1 Sap | 1 Data Services | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2464 | 1 Sap | 1 Netweaver | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2452 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2444 | 1 Sap | 1 Businessobjects Financial Consolidation | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2435 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2432 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
|
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking.
|
|||||
| CVE-2018-2431 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2410 | 1 Sap | 1 Business One | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2405 | 1 Sap | 1 Solution Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
|
|||||
| CVE-2018-2399 | 1 Sap | 1 Process Monitoring Infrastructure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.
|
|||||
| CVE-2018-2397 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
|
|||||
| CVE-2018-2388 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
|
|||||
| CVE-2018-2383 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
|
|||||
| CVE-2018-2371 | 1 Sap | 1 Netweaver Java Web Application | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2365 | 1 Sap | 1 Netweaver Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2364 | 1 Sap | 2 Customer Relationship Management Webclient Ui, S4fnd | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2018-2021 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345.
|
|||||
| CVE-2018-2004 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006.
|
|||||
| CVE-2018-25101 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | ||
|
A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. The manipulation of the argument biblionumber with the input 2"><TEST> leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 950fc8e101886821879066b33e389a47fb0a9782. It is recommended to upgrade the affected component. The identifier VDB-261677 was assig ...
Show More |
|||||
| CVE-2018-25097 | 1 Acumos | 1 Design Studio | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420.
|
|||||
| CVE-2018-25090 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
|
An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact of confidentiality and integrity but no impact of availability.
|
|||||
| CVE-2018-25086 | 1 Fanpress Cm Project | 1 Fanpress Cm | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The patch is named c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected ...
Show More |
|||||
| CVE-2018-25085 | 1 Drupal | 1 Responsive Menus | 2024-11-21 | 3.3 LOW | 2.4 LOW |
|
A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the ...
Show More |
|||||
| CVE-2018-25084 | 1 Pingidentity | 1 Self-service Account Manager | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The patch is identified as f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affecte ...
Show More |
|||||
| CVE-2018-25073 | 1 Ts-ranksystem | 1 Tsn-ranksystem | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The patch is identified as b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vu ...
Show More |
|||||
| CVE-2018-25065 | 1 Wikimedia | 1 Mediawiki-extensions-i18ntags | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability.
|
|||||