Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12432 | 1 Javamelody Project | 1 Javamelody | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.
|
|||||
| CVE-2018-12431 | 1 Seacms | 1 Seacms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page).
|
|||||
| CVE-2018-12429 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.
|
|||||
| CVE-2018-12409 | 1 Tibco | 1 Silver Fabric | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1.
|
|||||
| CVE-2018-12355 | 1 Eng | 1 Knowage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue.
|
|||||
| CVE-2018-12353 | 1 Knowage-suite | 1 Knowage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.
|
|||||
| CVE-2018-12339 | 1 Articlecms Project | 1 Articlecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
ArticleCMS through 2017-02-19 has XSS via an "add an article" action.
|
|||||
| CVE-2018-12319 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.
|
|||||
| CVE-2018-12311 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.
|
|||||
| CVE-2018-12310 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
|
|||||
| CVE-2018-12305 | 1 Asustor | 1 Data Master | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.
|
|||||
| CVE-2018-12304 | 1 Seagate | 1 Nas Os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.
|
|||||
| CVE-2018-12303 | 1 Seagate | 1 Nas Os | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.
|
|||||
| CVE-2018-12302 | 1 Seagate | 1 Nas Os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting.
|
|||||
| CVE-2018-12299 | 1 Seagate | 1 Nas Os | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names.
|
|||||
| CVE-2018-12297 | 1 Seagate | 1 Nas Os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names.
|
|||||
| CVE-2018-12290 | 1 Yii2-statemachine | 1 Yii2-statemachine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Yii2-StateMachine extension v2.x.x for Yii2 has XSS.
|
|||||
| CVE-2018-12273 | 1 Ximdex | 1 Ximdex | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter.
|
|||||
| CVE-2018-12272 | 1 Ximdex | 1 Ximdex | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
xowl/request.php in Ximdex 4.0 has XSS via the content parameter.
|
|||||
| CVE-2018-12266 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.
|
|||||
| CVE-2018-12255 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field.
|
|||||
| CVE-2018-12246 | 1 Symantec | 1 Web Isolation | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isol ...
Show More |
|||||
| CVE-2018-12241 | 1 Symantec | 1 Security Analytics | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application.
|
|||||
| CVE-2018-12229 | 1 Sfu | 1 Open Journal System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field).
|
|||||
| CVE-2018-12111 | 1 Canon | 1 Efi Printme | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI.
|
|||||
| CVE-2018-12104 | 1 Airbnb | 1 Knowledge Repo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI.
|
|||||
| CVE-2018-12101 | 1 Clippercms | 1 Clippercms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.
|
|||||
| CVE-2018-12100 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI.
|
|||||
| CVE-2018-12099 | 2 Grafana, Netapp | 3 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
|
|||||
| CVE-2018-12095 | 1 Oecms Project | 1 Oecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.
|
|||||
| CVE-2018-12094 | 1 Dimofinf | 1 Dimofinf Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-2018-12090 | 1 Lamsfoundation | 1 Lams | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
|
|||||
| CVE-2018-12073 | 1 Eminent-online | 1 Em4544 | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
|
An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password.
|
|||||
| CVE-2018-12047 | 1 Ximdex | 1 Ximdex | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12.
|
|||||
| CVE-2018-12043 | 1 Getsymphony | 1 Symphony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.
|
|||||
| CVE-2018-12040 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues).
|
|||||
| CVE-2018-12030 | 1 Chevereto | 1 Chevereto | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Chevereto Free before 1.0.13 has XSS.
|
|||||
| CVE-2018-11735 | 1 Ximdex | 1 Ximdex | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter.
|
|||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In e107 v2.1.7, output without filtering results in XSS.
|
|||||
| CVE-2018-11715 | 1 Recent Threads Project | 1 Recent Threads | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.
|
|||||