Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14875 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter.
|
|||||
| CVE-2018-14873 | 1 Rincewind Project | 1 Rincewind | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php.
|
|||||
| CVE-2018-14869 | 1 Php Template Store Script Project | 1 Php Template Store Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.
|
|||||
| CVE-2018-14850 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image.
|
|||||
| CVE-2018-14849 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
|
|||||
| CVE-2018-14846 | 1 Mondula | 1 Multi Step Form | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php.
|
|||||
| CVE-2018-14840 | 1 Intelliants | 1 Subrion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
|
|||||
| CVE-2018-14838 | 1 Rejucms Project | 1 Rejucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
rejucms 2.1 has stored XSS via the admin/book.php content parameter.
|
|||||
| CVE-2018-14837 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI.
|
|||||
| CVE-2018-14835 | 1 Subrion | 1 Subrion Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.
|
|||||
| CVE-2018-14784 | 1 Netcommwireless | 2 Nwl-25, Nwl-25 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device.
|
|||||
| CVE-2018-14777 | 1 Dleviet | 1 Datalife Engine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users.
|
|||||
| CVE-2018-14776 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document.
|
|||||
| CVE-2018-14724 | 1 Mybb | 1 Ban List | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
|
|||||
| CVE-2018-14710 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.
|
|||||
| CVE-2018-14704 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path.
|
|||||
| CVE-2018-14698 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter.
|
|||||
| CVE-2018-14697 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter.
|
|||||
| CVE-2018-14691 | 1 Subsonic | 1 Subsonic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim.
|
|||||
| CVE-2018-14690 | 1 Subsonic | 1 Subsonic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim.
|
|||||
| CVE-2018-14689 | 1 Subsonic | 1 Subsonic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim.
|
|||||
| CVE-2018-14688 | 1 Subsonic | 1 Subsonic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of a victim.
|
|||||
| CVE-2018-14686 | 1 Xycms Project | 1 Xycms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_book.php.
|
|||||
| CVE-2018-14683 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI.
|
|||||
| CVE-2018-14664 | 1 Theforeman | 1 Foreman | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.
|
|||||
| CVE-2018-14655 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
|
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.
|
|||||
| CVE-2018-14631 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
|
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
|
|||||
| CVE-2018-14606 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
|
|||||
| CVE-2018-14605 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
|
|||||
| CVE-2018-14604 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
|
|||||
| CVE-2018-14575 | 1 Mybb | 1 Trash Bin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
|
|||||
| CVE-2018-14541 | 1 Readymadeb2bscript | 1 Basic B2b | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
|
|||||
| CVE-2018-14527 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).
|
|||||
| CVE-2018-14517 | 1 Seacms | 1 Seacms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.
|
|||||
| CVE-2018-14513 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI.
|
|||||
| CVE-2018-14504 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)').
|
|||||
| CVE-2018-14503 | 1 Coremail | 1 Coremail Xt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
|
|||||
| CVE-2018-14500 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.
|
|||||
| CVE-2018-14499 | 1 Hyphp | 1 Hybbs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerablity via an article title to post.html.
|
|||||
| CVE-2018-14497 | 1 Tendacn | 2 D152, D152 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Tenda D152 ADSL routers allow XSS via a crafted SSID.
|
|||||