Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19767 | 1 Infovista | 1 Vistaportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
|
|||||
| CVE-2018-19766 | 1 Infovista | 1 Vistaportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "GroupRessourceAdmin.jsp" has reflected XSS via the ConnPoolName parameter.
|
|||||
| CVE-2018-19765 | 1 Infovista | 1 Vistaportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters.
|
|||||
| CVE-2018-19752 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
|
|||||
| CVE-2018-19751 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
|
|||||
| CVE-2018-19750 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
|
|||||
| CVE-2018-19749 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
|
|||||
| CVE-2018-19727 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-19726 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-19724 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-19694 | 1 Hms-networks | 16 Netbiter Ec150, Netbiter Ec150 Firmware, Netbiter Ec250 and 13 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous have reflected XSS in the login form.
|
|||||
| CVE-2018-19693 | 1 Tp5cms Project | 1 Tp5cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter.
|
|||||
| CVE-2018-19658 | 2 Apple, Evernote | 2 Macos, Yinxiang Biji | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Markdown editor in YXBJ before 8.3.2 on macOS has stored XSS. This behavior may be encountered by some Evernote users; however, it is a vulnerability in YXBJ, not a vulnerability in Evernote.
|
|||||
| CVE-2018-19649 | 1 Infovista | 1 Vistaportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter.
|
|||||
| CVE-2018-19644 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
|
Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
|
|||||
| CVE-2018-19630 | 1 Openwrt | 2 Lede, Openwrt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.
|
|||||
| CVE-2018-19615 | 1 Rockwellautomation | 2 Powermonitor 1000, Powermonitor 1000 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted userâs web browser to gain access to the affected device.
|
|||||
| CVE-2018-19614 | 1 Westermo | 6 Dr-250, Dr-250 Firmware, Dr-260 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers.
|
|||||
| CVE-2018-19600 | 1 Rhymix | 1 Rhymix | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
|
|||||
| CVE-2018-19599 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product.
|
|||||
| CVE-2018-19598 | 1 Statamic | 1 Statamic | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request.
|
|||||
| CVE-2018-19597 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
|
|||||
| CVE-2018-19596 | 1 Zurmo | 1 Zurmo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506.
|
|||||
| CVE-2018-19579 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1.
|
|||||
| CVE-2018-19574 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page.
|
|||||
| CVE-2018-19573 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.
|
|||||
| CVE-2018-19570 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags.
|
|||||
| CVE-2018-19564 | 1 Goldplugins | 1 Easy Testimonials | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting.
|
|||||
| CVE-2018-19554 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp.
|
|||||
| CVE-2018-19547 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter.
|
|||||
| CVE-2018-19546 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.
|
|||||
| CVE-2018-19527 | 1 I4 | 1 Ai Si Assistant | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.
|
|||||
| CVE-2018-19525 | 1 Systrome | 6 Cumilon Isg-600c, Cumilon Isg-600c Firmware, Cumilon Isg-600h and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation.
|
|||||
| CVE-2018-19509 | 1 Ens | 1 Webgalamb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS.
|
|||||
| CVE-2018-19508 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI.
|
|||||
| CVE-2018-19507 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI.
|
|||||
| CVE-2018-19506 | 1 Zurmo | 1 Zurmo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI.
|
|||||
| CVE-2018-19498 | 1 Simplenia | 1 Pages | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS.
|
|||||
| CVE-2018-19493 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.
|
|||||
| CVE-2018-19469 | 1 Articlecms Project | 1 Articlecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.
|
|||||