Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-10121 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action. |
| CVE-2018-10118 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. |
| CVE-2018-10110 | 2 D-link, Dlink | 2 Dir-615 T1 Firmware, Dir-615 T1 | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | D-Link DIR-615 T1 devices allow XSS via the Add User feature. |
| CVE-2018-10109 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. |
| CVE-2018-10108 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. |
| CVE-2018-10107 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php. |
| CVE-2018-10102 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. |
| CVE-2018-10097 | 1 Smartscriptsolutions | 1 Domain Trader | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter. |
| CVE-2018-10096 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request. |
| CVE-2018-10095 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. |
| CVE-2018-10091 | 1 Audiocodes | 2 420hd Ip Phone, 420hd Ip Phone Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS. |
| CVE-2018-10078 | 1 Vertiv | 1 Watchdog Console | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description. |
| CVE-2018-10076 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard). |
| CVE-2018-10075 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. |
| CVE-2018-10073 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. |
| CVE-2018-10068 | 1 Jdownloads | 1 Jdownloads | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The jDownloads extension before 3.2.59 for Joomla! has XSS. |
| CVE-2018-10061 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). |
| CVE-2018-10060 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. |
| CVE-2018-10059 | 1 Cacti | 1 Cacti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. |
| CVE-2018-10052 | 1 Iscripts | 1 Supportdesk | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter. |
| CVE-2018-10051 | 1 Iscripts | 1 Supportdesk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter. |
| CVE-2018-10049 | 1 Iscripts | 1 Eswap | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. |
| CVE-2018-10033 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. |
| CVE-2018-10032 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. |
| CVE-2018-10029 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. |
| CVE-2018-10026 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. |
| CVE-2018-10023 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment). |
| CVE-2018-10000 | 1 Videodownloaderultimate | 1 Video Downloader | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event. |
| CVE-2018-1002009 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET request to the email variable. |
| CVE-2018-1002008 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. |
| CVE-2018-1002007 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. |
| CVE-2018-1002006 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes. |
| CVE-2018-1002005 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. |
| CVE-2018-1002004 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. |
| CVE-2018-1002003 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. |
| CVE-2018-1002002 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. |
| CVE-2018-1002001 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. |
| CVE-2018-1000998 | 1 Freebsd | 1 Cvsweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x. |
| CVE-2018-1000887 | 1 Peel | 1 Peel Shopping | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting JavaScript code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user has access to the administration account. |
| CVE-2018-1000870 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appears to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited. This vulnerability appears to have been fixed in 1.4. |