Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-10369 | 1 Intelbras | 2 Win 240, Win 240 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. |
| CVE-2018-10366 | 1 User Project | 1 User | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field. |
| CVE-2018-10365 | 1 Threads To Link Project | 1 Threads To Link | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized. |
| CVE-2018-10364 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | BigTree before 4.2.22 has XSS in the Users management page via the name or company field. |
| CVE-2018-10329 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter. |
| CVE-2018-10326 | 1 Printeron | 1 Printeron | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest. |
| CVE-2018-10321 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings. |
| CVE-2018-10320 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout. |
| CVE-2018-10319 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet. |
| CVE-2018-10318 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata. |
| CVE-2018-10314 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. |
| CVE-2018-10310 | 1 Catapultthemes | 1 Cookie Consent | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser. |
| CVE-2018-10309 | 1 Responsive Cookie Consent Project | 1 Responsive Cookie Consent | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS. |
| CVE-2018-10307 | 1 Ilias | 1 Ilias | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. |
| CVE-2018-10306 | 1 Ilias | 1 Ilias | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date. |
| CVE-2018-10301 | 1 Web-dorado | 1 Wd Instagram Feed | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post. |
| CVE-2018-10300 | 1 Web-dorado | 1 Wd Instagram Feed | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio. |
| CVE-2018-10298 | 1 Discuz | 1 Discuzx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. |
| CVE-2018-10297 | 1 Discuz | 1 Discuzx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. |
| CVE-2018-10296 | 1 1234n | 1 Minicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. |
| CVE-2018-10294 | 1 Flexense | 1 Diskboss | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. |
| CVE-2018-10268 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter. |
| CVE-2018-10259 | 1 Hrsale Project | 1 Hrsale | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. |
| CVE-2018-10250 | 1 Icmsdev | 1 Icms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search. |
| CVE-2018-10234 | 1 Ultimatemember | 1 User Profile & Membership | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page. |
| CVE-2018-10231 | 1 Topdesk | 1 Topdesk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| CVE-2018-10230 | 1 Zend | 1 Zend Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. |
| CVE-2018-10228 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. |
| CVE-2018-10227 | 1 1234n | 1 Minicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. |
| CVE-2018-10221 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload. |
| CVE-2018-10183 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER['REQUEST_URI'] echo, as demonstrated by the dir parameter in a file=charsets action. |
| CVE-2018-10165 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. |
| CVE-2018-10164 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. |
| CVE-2018-10141 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. |
| CVE-2018-10139 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. |
| CVE-2018-10138 | 1 Catalooksupport | 1 .netstore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter. |
| CVE-2018-10136 | 1 Iscripts | 1 Uberforx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. |
| CVE-2018-10135 | 1 Iscripts | 1 Eswap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. |
| CVE-2018-10128 | 1 Xyhcms Project | 1 Xyhcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php. |
| CVE-2018-10125 | 1 Contao | 1 Contao | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Contao before 4.5.7 has XSS in the system log. |