Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18675 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter.
|
|||||
| CVE-2018-18674 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/board_form_update.php bo_content_tail parameter.
|
|||||
| CVE-2018-18673 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menu_list_update.php me_link parameter.
|
|||||
| CVE-2018-18672 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/board_form_update.php bo_content_head parameter.
|
|||||
| CVE-2018-18671 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/board_form_update.php bo_mobile_content_head parameter.
|
|||||
| CVE-2018-18670 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/config_form_update.php cf_1~10 parameter.
|
|||||
| CVE-2018-18669 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board title contents" parameter, aka the adm/board_form_update.php bo_subject parameter.
|
|||||
| CVE-2018-18668 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter.
|
|||||
| CVE-2018-18660 | 1 Arcserve | 1 Udp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.
|
|||||
| CVE-2018-18643 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
|
|||||
| CVE-2018-18642 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.
|
|||||
| CVE-2018-18636 | 2 D-link, Dlink | 2 Dsl-2640t Firmware, Dsl-2640t | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter.
|
|||||
| CVE-2018-18635 | 1 Mailcleaner | 1 Mailcleaner | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO.
|
|||||
| CVE-2018-18631 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.
|
|||||
| CVE-2018-18625 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
|
|||||
| CVE-2018-18624 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
|
|||||
| CVE-2018-18623 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
|
|||||
| CVE-2018-18622 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter.
|
|||||
| CVE-2018-18621 | 1 Communigate | 1 Communigate Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension.
|
|||||
| CVE-2018-18608 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.
|
|||||
| CVE-2018-18579 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
|
|||||
| CVE-2018-18578 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
|
|||||
| CVE-2018-18570 | 1 Planonsoftware | 1 Planon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Planon before Live Build 41 has XSS.
|
|||||
| CVE-2018-18553 | 1 Leanote | 1 Leanote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page.
|
|||||
| CVE-2018-18551 | 1 Serverscheck | 1 Monitoring Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter.
|
|||||
| CVE-2018-18548 | 1 Ajenti | 1 Ajenticp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.
|
|||||
| CVE-2018-18547 | 1 Vestacp | 1 Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.
|
|||||
| CVE-2018-18545 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter.
|
|||||
| CVE-2018-18540 | 1 Teakki | 1 Teakki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL.
|
|||||
| CVE-2018-18524 | 1 Evernote | 1 Evernote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer.
|
|||||
| CVE-2018-18517 | 1 Citrix | 1 Netscaler Gateway Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.
|
|||||
| CVE-2018-18478 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php.
|
|||||
| CVE-2018-18460 | 1 3cx | 1 Live Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request.
|
|||||
| CVE-2018-18437 | 1 Axiositalia | 1 Registro Elettronico | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.
|
|||||
| CVE-2018-18433 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI.
|
|||||
| CVE-2018-18431 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI.
|
|||||
| CVE-2018-18430 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI.
|
|||||
| CVE-2018-18419 | 1 Ardawan | 1 User Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.
|
|||||
| CVE-2018-18417 | 1 Creativeitem | 1 Ekushey Project Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
|
|||||
| CVE-2018-18416 | 1 Pokkho | 1 Lango | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI.
|
|||||