Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20240 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
|
|||||
| CVE-2018-20239 | 1 Atlassian | 8 Application Links, Confluence Data Center, Confluence Server and 5 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before v ...
|
|||||
| CVE-2018-20232 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting.
|
|||||
| CVE-2018-20212 | 1 Twiki | 1 Twiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.
|
|||||
| CVE-2018-20172 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.
|
|||||
| CVE-2018-20171 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.
|
|||||
| CVE-2018-20165 | 1 Opentext | 1 Opentext Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
|
|||||
| CVE-2018-20153 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.
|
|||||
| CVE-2018-20150 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.
|
|||||
| CVE-2018-20149 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
|
|||||
| CVE-2018-20141 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring.
|
|||||
| CVE-2018-20140 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters.
|
|||||
| CVE-2018-20138 | 1 Readymadeb2bscript | 1 Entrepreneur B2b Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541.
|
|||||
| CVE-2018-20137 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI.
|
|||||
| CVE-2018-20136 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI.
|
|||||
| CVE-2018-20121 | 1 Podcastgenerator | 1 Podcast Generator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.
|
|||||
| CVE-2018-20101 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.
|
|||||
| CVE-2018-20071 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controlled files via a crafted HTML page.
|
|||||
| CVE-2018-20017 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.
|
|||||
| CVE-2018-20012 | 1 Phpcmf | 1 Phpcmf | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
|
|||||
| CVE-2018-20011 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
|
|||||
| CVE-2018-20010 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
|
|||||
| CVE-2018-20009 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
|
|||||
| CVE-2018-20006 | 1 Phpok | 1 Phpok | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).
|
|||||
| CVE-2018-1984 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137.
|
|||||
| CVE-2018-1983 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136.
|
|||||
| CVE-2018-1982 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154135.
|
|||||
| CVE-2018-1975 | 1 Ibm | 1 Rational Doors Web Access | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153916.
|
|||||
| CVE-2018-1967 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748.
|
|||||
| CVE-2018-1952 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495.
|
|||||
| CVE-2018-1947 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153427.
|
|||||
| CVE-2018-1933 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153177.
|
|||||
| CVE-2018-1921 | 1 Ibm | 1 Campaign | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857.
|
|||||
| CVE-2018-1918 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152785.
|
|||||
| CVE-2018-1916 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740.
|
|||||
| CVE-2018-1914 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152738.
|
|||||
| CVE-2018-1913 | 1 Ibm | 1 Doors Next Generation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152737.
|
|||||
| CVE-2018-1912 | 1 Ibm | 1 Rational Doors Next Generation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152736.
|
|||||
| CVE-2018-1911 | 1 Ibm | 1 Rational Doors Next Generation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152735.
|
|||||
| CVE-2018-1910 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152734.
|
|||||