Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-12992 | 1 Maelostore Project | 1 Maelostore | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface. |
| CVE-2018-12981 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending specially crafted requests to the web server, allowing code to be injected within the WBM. The code will be rendered and/or executed in the user's browser. |
| CVE-2018-12973 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI. |
| CVE-2018-12944 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field. |
| CVE-2018-12943 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| CVE-2018-12919 | 1 Craftedweb Project | 1 Craftedweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter. |
| CVE-2018-12905 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. |
| CVE-2018-12903 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. |
| CVE-2018-12902 | 1 Easymagazine Project | 1 Easymagazine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site. |
| CVE-2018-12901 | 1 Mitel | 2 St, St Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. |
| CVE-2018-12806 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-12715 | 1 Digisol | 2 Dg-hr3400, Dg-hr3400 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged. |
| CVE-2018-12711 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. |
| CVE-2018-12705 | 1 Digisol | 2 Dg-br4000ng, Dg-br4000ng Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). |
| CVE-2018-12696 | 1 Mao10 | 1 Mao10cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | mao10cms 6 allows XSS via the article page. |
| CVE-2018-12695 | 1 Mao10 | 1 Mao10cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | mao10cms 6 allows XSS via the m=bbs&a=index page. |
| CVE-2018-12672 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. |
| CVE-2018-12658 | 1 Slims Project | 1 Slims | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. |
| CVE-2018-12657 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. |
| CVE-2018-12656 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. |
| CVE-2018-12655 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. |
| CVE-2018-12654 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. |
| CVE-2018-12638 | 1 Bose | 1 Soundtouch | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. |
| CVE-2018-12627 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. |
| CVE-2018-12626 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. |
| CVE-2018-12625 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. |
| CVE-2018-12624 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter. |
| CVE-2018-12623 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. |
| CVE-2018-12622 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter. |
| CVE-2018-12611 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | OX App Suite 7.8.4 and earlier allows Directory Traversal. |
| CVE-2018-12607 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. |
| CVE-2018-12606 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. |
| CVE-2018-12605 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained an XSS issue due to it allowing arbitrary protocols as a parameter. |
| CVE-2018-12588 | 1 Public Knowledge Project | 1 Open Monograph Press | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field). |
| CVE-2018-12587 | 1 German Spelling Dictionary Project | 1 German Spelling Dictionary | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar. |
| CVE-2018-12581 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. |
| CVE-2018-12580 | 1 Dragonbyte-tech | 1 Vbsecurity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature. |
| CVE-2018-12501 | 1 Nagios | 1 Fusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. |
| CVE-2018-12480 | 1 Microfocus | 1 Access Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. |
| CVE-2018-12462 | 1 Netiq | 1 Imanager | 2024-11-21 | 4.3 MEDIUM | 4.8 MEDIUM | NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. |