Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-15190 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. |
| CVE-2018-15189 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. |
| CVE-2018-15184 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795. |
| CVE-2018-15183 | 1 Myperfectresume / Jobhero / Resume Clone Script Project | 1 Myperfectresume / Jobhero / Resume Clone Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields. |
| CVE-2018-15182 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. |
| CVE-2018-15181 | 1 Jio | 2 4g Hotspot M2s, 4g Hotspot M2s Firmware | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM | JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields. |
| CVE-2018-15169 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. |
| CVE-2018-15130 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. |
| CVE-2018-15129 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. |
| CVE-2018-14977 | 1 Q-cms | 1 Qcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. |
| CVE-2018-14976 | 1 Q-cms | 1 Qcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. |
| CVE-2018-14975 | 1 Q-cms | 1 Qcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. |
| CVE-2018-14974 | 1 Q-cms | 1 Qcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. |
| CVE-2018-14973 | 1 Q-cms | 1 Qcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. |
| CVE-2018-14972 | 1 Q-cms | 1 Qcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. |
| CVE-2018-14971 | 1 Q-cms | 1 Qcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS. |
| CVE-2018-14970 | 1 Q-cms | 1 Qcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS. |
| CVE-2018-14969 | 1 Q-cms | 1 Qcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS. |
| CVE-2018-14964 | 1 Emlsoft Project | 1 Emlsoft | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page. |
| CVE-2018-14962 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. |
| CVE-2018-14955 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). |
| CVE-2018-14954 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. |
| CVE-2018-14953 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. |
| CVE-2018-14952 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. |
| CVE-2018-14951 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. |
| CVE-2018-14950 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. |
| CVE-2018-14937 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. |
| CVE-2018-14936 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Add page option in my little forum 2.4.12 allows XSS via the Title field. |
| CVE-2018-14935 | 1 Polycom | 2 Trio 8500, Trio 8500 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. |
| CVE-2018-14929 | 1 Matera | 1 Banco | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. |
| CVE-2018-14924 | 1 Matera | 1 Banco | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. |
| CVE-2018-14922 | 1 Monstra | 1 Monstra | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page. |
| CVE-2018-14919 | 1 Loytec | 2 Lgate-902, Lgate-902 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | LOYTEC LGATE-902 6.3.2 devices allow XSS. |
| CVE-2018-14906 | 1 3cx | 1 3cx Web Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. |
| CVE-2018-14905 | 1 3cx | 1 3cx Web Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. |
| CVE-2018-14904 | 1 Samsung | 1 Syncthru Web Service | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. |
| CVE-2018-14899 | 1 Epson | 2 Wf-2750, Wf-2750 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. |
| CVE-2018-14890 | 1 Vectra | 1 Cognito | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console. |
| CVE-2018-14888 | 1 Thank You/like Project | 1 Thank You/like | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject. |
| CVE-2018-14877 | 1 Weaselcms Project | 1 Weaselcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. |