Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20561 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
|
|||||
| CVE-2018-20560 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.
|
|||||
| CVE-2018-20559 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.
|
|||||
| CVE-2018-20558 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.
|
|||||
| CVE-2018-20557 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.
|
|||||
| CVE-2018-20530 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.
|
|||||
| CVE-2018-20524 | 1 Urlchatbox | 1 Chat Anywhere | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP).
|
|||||
| CVE-2018-20520 | 1 1234n | 1 Minicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233.
|
|||||
| CVE-2018-20503 | 1 Alliedtelesis | 2 8100l\/8, 8100l\/8 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
|
|||||
| CVE-2018-20496 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
|
|||||
| CVE-2018-20491 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
|
|||||
| CVE-2018-20490 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
|
|||||
| CVE-2018-20486 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
|
|||||
| CVE-2018-20485 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
|
|||||
| CVE-2018-20484 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
|
|||||
| CVE-2018-20476 | 1 S-cms | 1 S-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.
|
|||||
| CVE-2018-20472 | 1 Sahipro | 1 Sahi Pro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
|
|||||
| CVE-2018-20464 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.
|
|||||
| CVE-2018-20462 | 1 Jsmol2wp Project | 1 Jsmol2wp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
|
|||||
| CVE-2018-20454 | 1 74cms | 1 74cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter.
|
|||||
| CVE-2018-20448 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
|
|||||
| CVE-2018-20418 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
|
|||||
| CVE-2018-20379 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2024-11-21 | 2.6 LOW | 4.7 MEDIUM |
|
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001.
|
|||||
| CVE-2018-20373 | 1 Tendacn | 2 Adsl, Adsl Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client.
|
|||||
| CVE-2018-20372 | 1 Tp-link | 2 Td-w8961nd, Td-w8961nd Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.
|
|||||
| CVE-2018-20370 | 1 The-sz | 1 Netchat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend.
|
|||||
| CVE-2018-20369 | 1 Barracuda | 1 Message Archiver | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module.
|
|||||
| CVE-2018-20368 | 1 Averta | 1 Master Slider | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.
|
|||||
| CVE-2018-20367 | 1 Wstmart | 1 Wstmart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI.
|
|||||
| CVE-2018-20351 | 1 Evernote | 1 Evernote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832.
|
|||||
| CVE-2018-20339 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
|
|||||
| CVE-2018-20328 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.
|
|||||
| CVE-2018-20327 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.
|
|||||
| CVE-2018-20326 | 1 Chinamobile | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter.
|
|||||
| CVE-2018-20322 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.
|
|||||
| CVE-2018-20306 | 1 Pulsesecure | 1 Virtual Traffic Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1.
|
|||||
| CVE-2018-20302 | 1 Emetrotel | 1 Xain | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter.
|
|||||
| CVE-2018-20244 | 1 Apache | 1 Airflow | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
|
|||||
| CVE-2018-20242 | 1 Apache | 1 Jspwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.
|
|||||
| CVE-2018-20241 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
|
|||||