Vulnerabilities (CVE)

Filtered by CWE-79
Total 36961 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-9016 1 Dsmall Project 1 Dsmall 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI.
CVE-2018-9015 1 Dsmall Project 1 Dsmall 2024-11-21 3.5 LOW 5.4 MEDIUM
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box).
CVE-2018-8979 1 Open-audit 1 Open-audit 2024-11-21 6.8 MEDIUM 8.8 HIGH
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
CVE-2018-8978 1 Open-audit 1 Open-audit 2024-11-21 3.5 LOW 5.4 MEDIUM
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.
CVE-2018-8973 1 Otcms 1 Otcms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request.
CVE-2018-8957 1 Covercms Project 1 Covercms 2024-11-21 3.5 LOW 5.4 MEDIUM
CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php.
CVE-2018-8948 1 Misp-project 1 Misp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.
CVE-2018-8942 1 Xiuno Bbs Project 1 Xiuno Bbs 2024-11-21 3.5 LOW 5.4 MEDIUM
Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter.
CVE-2018-8928 1 Synology 1 Carddav Server 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.
CVE-2018-8924 1 Synology 1 Office 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
CVE-2018-8923 1 Synology 1 File Station 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
CVE-2018-8921 1 Synology 1 Drive Server 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
CVE-2018-8918 1 Synology 1 Router Manager 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVE-2018-8915 1 Synology 1 Calendar 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter.
CVE-2018-8912 1 Synology 1 Note Station 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter.
CVE-2018-8911 1 Synology 1 Note Station 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
CVE-2018-8910 1 Synology 1 Drive Server 2024-11-21 3.5 LOW 6.5 MEDIUM
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
CVE-2018-8906 1 Dsmall Project 1 Dsmall 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html.
CVE-2018-8903 1 Open-audit 1 Open-audit 2024-11-21 3.5 LOW 5.4 MEDIUM
Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.
CVE-2018-8900 1 Gemalto 1 Sentinel Ldk Rte 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability.