Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17997 | 1 Layerbb | 1 Layerbb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
|
|||||
| CVE-2018-17989 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is requested.
|
|||||
| CVE-2018-17981 | 1 Lifesize | 4 Express 220, Express 220 Firmware, Room 220i and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter.
|
|||||
| CVE-2018-17964 | 1 Aryanic | 1 Highportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Aryanic HighPortal 12.5 has XSS via an Add Tags action.
|
|||||
| CVE-2018-17960 | 1 Ckeditor | 1 Ckeditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
|
|||||
| CVE-2018-17952 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
|
|||||
| CVE-2018-17949 | 1 Microfocus | 1 Imanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross site scripting vulnerability in iManager prior to 3.1 SP2.
|
|||||
| CVE-2018-17947 | 1 Atmist | 1 Snazzy Maps | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter.
|
|||||
| CVE-2018-17946 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.
|
|||||
| CVE-2018-17904 | 1 Geovap | 1 Reliance 4 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code.
|
|||||
| CVE-2018-17886 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429.
|
|||||
| CVE-2018-17884 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php
|
|||||
| CVE-2018-17876 | 1 Web-feet | 1 Coaster Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product.
|
|||||
| CVE-2018-17874 | 1 Expressionengine | 1 Expressionengine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ExpressionEngine before 4.3.5 has reflected XSS.
|
|||||
| CVE-2018-17868 | 1 Dasan | 2 H660gw, H660gw Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
DASAN H660GW devices have Stored XSS in the Port Forwarding functionality.
|
|||||
| CVE-2018-17866 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
|
|||||
| CVE-2018-17865 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
|||||
| CVE-2018-17862 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
|||||
| CVE-2018-17861 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
|||||
| CVE-2018-17849 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.
|
|||||
| CVE-2018-17835 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.
|
|||||
| CVE-2018-17832 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.
|
|||||
| CVE-2018-17830 | 1 Redaxo | 1 Redaxo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring.
|
|||||
| CVE-2018-17790 | 1 Prospecta | 1 Master Data Online | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
Prospecta Master Data Online (MDO) 2.0 has Stored XSS.
|
|||||
| CVE-2018-17784 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
|
|||||
| CVE-2018-17783 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
|
|||||
| CVE-2018-17782 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
|
|||||
| CVE-2018-17596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
|
|||||
| CVE-2018-17595 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.
|
|||||
| CVE-2018-17594 | 1 Airties | 2 Air 5443v2, Air 5443v2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
|
|||||
| CVE-2018-17593 | 1 Airties | 2 Air 5453, Air 5453 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
|
|||||
| CVE-2018-17591 | 1 Airties | 2 Air 5343v2, Air 5343v2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
|
|||||
| CVE-2018-17590 | 1 Airties | 2 Air 5442, Air 5442 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
|
|||||
| CVE-2018-17589 | 1 Airties | 2 Air 5650, Air 5650 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
|
|||||
| CVE-2018-17588 | 1 Airties | 2 Air 5021, Air 5021 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
|
|||||
| CVE-2018-17587 | 1 Airties | 2 Air 5750, Air 5750 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
|
|||||
| CVE-2018-17586 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action.
|
|||||
| CVE-2018-17585 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter.
|
|||||
| CVE-2018-17583 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action.
|
|||||
| CVE-2018-17574 | 1 Ymfe | 1 Yapi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project.
|
|||||