Total
36957 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-8247 | 1 Microsoft | 2 Office Online Server, Office Web Apps | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245. | |||||
CVE-2018-8168 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156. | |||||
CVE-2018-8159 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | |||||
CVE-2018-8156 | 1 Microsoft | 2 Project Server, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168. | |||||
CVE-2018-8155 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168. | |||||
CVE-2018-8152 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | |||||
CVE-2018-8149 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168. | |||||
CVE-2018-8108 | 1 Bui Project | 1 Bui | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text. | |||||
CVE-2018-8078 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | |||||
CVE-2018-8071 | 1 Mautic | 1 Mautic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Mautic before v2.13.0 has stored XSS via a theme config file. | |||||
CVE-2018-8070 | 1 Qcms | 1 Qcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI. | |||||
CVE-2018-8069 | 1 Qcms | 1 Qcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI. | |||||
CVE-2018-8062 | 1 Comtrend | 2 Ar-5387un, Ar-5387un Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. | |||||
CVE-2018-8058 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. | |||||
CVE-2018-8048 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | |||||
CVE-2018-8047 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter). | |||||
CVE-2018-8046 | 1 Sencha | 1 Ext Js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data. | |||||
CVE-2018-8035 | 1 Apache | 1 Uimaducc | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code. | |||||
CVE-2018-8031 | 1 Apache | 1 Tomee | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is setup (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolve in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863. | |||||
CVE-2018-8006 | 1 Apache | 1 Activemq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. |