Total
36961 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0023 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0018 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | |||||
| CVE-2018-9999 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend. | |||||
| CVE-2018-9997 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. | |||||
| CVE-2018-9993 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). | |||||
| CVE-2018-9992 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. | |||||
| CVE-2018-9991 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. | |||||
| CVE-2018-9990 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead. | |||||
| CVE-2018-9987 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications. | |||||
| CVE-2018-9986 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. | |||||
| CVE-2018-9985 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | |||||
| CVE-2018-9928 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | |||||
| CVE-2018-9925 | 1 Icmsdev | 1 Icms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. | |||||
| CVE-2018-9864 | 1 3cx | 1 Live Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. | |||||
| CVE-2018-9861 | 2 Ckeditor, Drupal | 2 Enhanced Image, Drupal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element. | |||||
| CVE-2018-9857 | 1 Match Clone Script Project | 1 Match Clone Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen). | |||||
| CVE-2018-9844 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. | |||||
| CVE-2018-9337 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-9335 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-9330 | 1 Coremail | 1 Coremail Xt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942. | |||||