Vulnerabilities (CVE)

Filtered by CWE-79
Total 36961 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-8891 1 Blackberry 1 Unified Endpoint Manager 2024-11-21 3.5 LOW 4.8 MEDIUM
Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
CVE-2018-8888 1 Blackberry 1 Unified Endpoint Manager 2024-11-21 3.5 LOW 4.8 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
CVE-2018-8846 1 Philips 1 E-alert Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users.
CVE-2018-8832 1 Enhavo 1 Enhavo 2024-11-21 3.5 LOW 4.8 MEDIUM
enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page.
CVE-2018-8831 1 Kodi 1 Kodi 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
CVE-2018-8827 1 Technicolor 2 Tg789vac, Tg789vac Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.
CVE-2018-8815 1 Alkacon 1 Opencms 2024-11-21 3.5 LOW 4.6 MEDIUM
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.
CVE-2018-8805 1 Yxcms 1 Yxcms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request.
CVE-2018-8772 1 Coship 2 Rt3052, Rt3052 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen.
CVE-2018-8767 1 Joyplus-cms Project 1 Joyplus-cms 2024-11-21 3.5 LOW 4.8 MEDIUM
joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter.
CVE-2018-8763 2 Debian, Ldap-account-manager 2 Debian Linux, Ldap Account Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.
CVE-2018-8738 1 Airties 4 5444, 5444 Firmware, 5444tt and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.
CVE-2018-8737 1 Bylancer 1 Bookme 2024-11-21 3.5 LOW 5.4 MEDIUM
Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser.
CVE-2018-8732 1 Wampserver 1 Wampserver 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter.
CVE-2018-8729 1 Pojo 1 Activity Log 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.
CVE-2018-8728 1 Kontena 1 Kontena 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in "kontena master login --remote" code display, as demonstrated by /code#code= in a URI.
CVE-2018-8722 1 Zohocorp 1 Manageengine Desktop Central 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.
CVE-2018-8721 1 Zohocorp 1 Manageengine Eventlog Analyzer 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen
CVE-2018-8720 1 Servicenow 1 It Service Management 2024-11-21 3.5 LOW 5.4 MEDIUM
ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do).
CVE-2018-8716 1 Wso2 1 Identity Server 2024-11-21 3.5 LOW 5.4 MEDIUM
WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.