Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20933 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).
|
|||||
| CVE-2018-20928 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).
|
|||||
| CVE-2018-20923 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
|
|||||
| CVE-2018-20922 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).
|
|||||
| CVE-2018-20921 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).
|
|||||
| CVE-2018-20920 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).
|
|||||
| CVE-2018-20919 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).
|
|||||
| CVE-2018-20918 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).
|
|||||
| CVE-2018-20916 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
|
|||||
| CVE-2018-20915 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
|
|||||
| CVE-2018-20911 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
|
|||||
| CVE-2018-20910 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).
|
|||||
| CVE-2018-20903 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
|
|||||
| CVE-2018-20901 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
|
|||||
| CVE-2018-20900 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
|
|||||
| CVE-2018-20899 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
|
|||||
| CVE-2018-20884 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
|
|||||
| CVE-2018-20881 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
|
|||||
| CVE-2018-20878 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
|
|||||
| CVE-2018-20877 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
|
|||||
| CVE-2018-20876 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
|
|||||
| CVE-2018-20875 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
|
|||||
| CVE-2018-20874 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
|
|||||
| CVE-2018-20868 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
|
|||||
| CVE-2018-20866 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
|
|||||
| CVE-2018-20865 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
|
|||||
| CVE-2018-20859 | 1 Edx | 1 Edx-platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.
|
|||||
| CVE-2018-20858 | 1 Edx | 1 Recommender | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Recommender before 2018-07-18 allows XSS.
|
|||||
| CVE-2018-20850 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
|
|||||
| CVE-2018-20849 | 1 Arastta | 1 Ecommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the login/ URI.
|
|||||
| CVE-2018-20848 | 1 Peel | 1 Peel Shopping | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.
|
|||||
| CVE-2018-20838 | 1 Magazine3 | 1 Amp For Wp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
|
|||||
| CVE-2018-20837 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
|
|||||
| CVE-2018-20827 | 1 Atlassian | 1 Jira | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.
|
|||||
| CVE-2018-20824 | 1 Atlassian | 1 Jira | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
|
|||||
| CVE-2018-20816 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
|
|||||
| CVE-2018-20814 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.
|
|||||
| CVE-2018-20808 | 1 Ivanti | 1 Connect Secure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
|
|||||
| CVE-2018-20807 | 1 Ivanti | 1 Connect Secure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.
|
|||||
| CVE-2018-20806 | 1 Phamm | 1 Phamm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
|
|||||