Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15971 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-15970 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-15969 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2018-15917 | 1 Jorani Project | 1 Jorani | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.
|
|||||
| CVE-2018-15913 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Cloudera Manager 5.x through 5.15.0. One type of page in Cloudera Manager uses a 'returnUrl' parameter to redirect the user to another page in Cloudera Manager once a wizard is completed. The validity of this parameter was not checked. As a result, the user could be automatically redirected to an attacker's external site or perform a malicious JavaScript function that results in cross-site scripting (XSS). This was fixed by not allowing any value in the returnUrl param ...
Show More |
|||||
| CVE-2018-15903 | 1 Claromentis | 1 Claromentis | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context.
|
|||||
| CVE-2018-15896 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name.
|
|||||
| CVE-2018-15891 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name.
|
|||||
| CVE-2018-15884 | 1 Ricoh | 2 Mp C4504ex, Mp C4504ex Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
|
|||||
| CVE-2018-15880 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.
|
|||||
| CVE-2018-15875 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
|
|||||
| CVE-2018-15874 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
|
|||||
| CVE-2018-15847 | 1 Puppycms | 1 Puppycms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field.
|
|||||
| CVE-2018-15843 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
|
|||||
| CVE-2018-15842 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter.
|
|||||
| CVE-2018-15820 | 1 Easyio | 2 Easyio 30p, Easyio 30p Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter.
|
|||||
| CVE-2018-15740 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
|
|||||
| CVE-2018-15714 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
|
|||||
| CVE-2018-15713 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
|
|||||
| CVE-2018-15712 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
|
|||||
| CVE-2018-15707 | 1 Advantech | 1 Webaccess | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
|
|||||
| CVE-2018-15703 | 1 Advantech | 1 Webaccess | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
|
|||||
| CVE-2018-15699 | 1 Asustor | 1 Data Master | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.
|
|||||
| CVE-2018-15679 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.
|
|||||
| CVE-2018-15678 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.
|
|||||
| CVE-2018-15677 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.
|
|||||
| CVE-2018-15676 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints.
|
|||||
| CVE-2018-15641 | 1 Odoo | 1 Odoo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes.
|
|||||
| CVE-2018-15638 | 1 Odoo | 1 Odoo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names.
|
|||||
| CVE-2018-15635 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name.
|
|||||
| CVE-2018-15634 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.
|
|||||
| CVE-2018-15633 | 1 Odoo | 1 Odoo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames.
|
|||||
| CVE-2018-15614 | 1 Avaya | 1 Ip Office | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM |
|
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.
|
|||||
| CVE-2018-15613 | 1 Avaya | 1 Aura Orchestration Designer | 2024-11-21 | 4.3 MEDIUM | 8.3 HIGH |
|
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
|
|||||
| CVE-2018-15608 | 1 Manageengine | 1 Admanager Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
|
|||||
| CVE-2018-15606 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message.
|
|||||
| CVE-2018-15605 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.
|
|||||
| CVE-2018-15603 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen.
|
|||||
| CVE-2018-15602 | 1 Zyxel | 2 Vmg3312 B10b, Vmg3312 B10b Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.
|
|||||
| CVE-2018-15596 | 1 Mybb | 1 Mybb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS.
|
|||||