Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17572 | 1 Influxdata | 1 Influxdb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
|
|||||
| CVE-2018-17571 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Vanilla before 2.6.1 allows XSS via the email field of a profile.
|
|||||
| CVE-2018-17560 | 1 Teamwire | 1 Teamwire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected.
|
|||||
| CVE-2018-17556 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
|
|||||
| CVE-2018-17533 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
|
|||||
| CVE-2018-17443 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
|
|||||
| CVE-2018-17441 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
|
|||||
| CVE-2018-17423 | 1 E107 | 1 E107 | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.
|
|||||
| CVE-2018-17421 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.
|
|||||
| CVE-2018-17413 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.
|
|||||
| CVE-2018-17369 | 1 Springboot Authority Project | 1 Springboot Authority | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter.
|
|||||
| CVE-2018-17361 | 1 Weaselcms Project | 1 Weaselcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.
|
|||||
| CVE-2018-17337 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast.
|
|||||
| CVE-2018-17322 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
|
|||||
| CVE-2018-17321 | 1 Seacms | 1 Seacms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
|
|||||
| CVE-2018-17320 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
|
|||||
| CVE-2018-17316 | 1 Ricoh | 2 Mp C6003, Mp C6003 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
|
|||||
| CVE-2018-17315 | 1 Ricoh | 2 Mp C2003, Mp C2003sp Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
|
|||||
| CVE-2018-17314 | 1 Ricoh | 2 Mp 305\+, Mp 305\+ Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
|
|||||
| CVE-2018-17313 | 1 Ricoh | 2 Mp C307, Mp C307 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
|
|||||
| CVE-2018-17312 | 1 Ricoh | 2 Aficio Mp 301spf, Aficio Mp 301spf Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
|
|||||
| CVE-2018-17311 | 1 Ricoh | 2 Mp C6503, Mp C6503 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
|
|||||
| CVE-2018-17310 | 1 Ricoh | 2 Mp C1803 Jpn, Mp C1803 Jpn Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
|
|||||
| CVE-2018-17309 | 1 Ricoh | 2 Mp C406z, Mp C406zspf Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
|
|||||
| CVE-2018-17302 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.
|
|||||
| CVE-2018-17301 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.
|
|||||
| CVE-2018-17300 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
|
|||||
| CVE-2018-17288 | 1 Kofax | 1 Front Office Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) "DeviceName" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console).
|
|||||
| CVE-2018-17256 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.
|
|||||
| CVE-2018-17218 | 1 Ptc | 1 Thingworx Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function.
|
|||||
| CVE-2018-17193 | 1 Apache | 1 Nifi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
|
|||||
| CVE-2018-17184 | 1 Apache | 1 Syncope | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed.
|
|||||
| CVE-2018-17167 | 1 Printeron | 1 Printeron | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.
|
|||||
| CVE-2018-17150 | 1 Intersystems | 1 Cache | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Intersystems Cache 2017.2.2.865.0 allows XSS.
|
|||||
| CVE-2018-17147 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Nagios XI before 5.5.4 has XSS in the auto login admin management page.
|
|||||
| CVE-2018-17146 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.
|
|||||
| CVE-2018-17140 | 1 Vms-studio | 1 Quizlord | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
|
|||||
| CVE-2018-17138 | 1 Nickelpro | 1 Jibu Pro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
|
|||||
| CVE-2018-17130 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,
|
|||||
| CVE-2018-17128 | 1 Mybb | 1 Mybb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
|
|||||