Total
36955 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-8152 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | |||||
CVE-2018-8149 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168. | |||||
CVE-2018-8108 | 1 Bui Project | 1 Bui | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text. | |||||
CVE-2018-8078 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | |||||
CVE-2018-8071 | 1 Mautic | 1 Mautic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Mautic before v2.13.0 has stored XSS via a theme config file. | |||||
CVE-2018-8070 | 1 Qcms | 1 Qcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI. | |||||
CVE-2018-8069 | 1 Qcms | 1 Qcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI. | |||||
CVE-2018-8062 | 1 Comtrend | 2 Ar-5387un, Ar-5387un Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. | |||||
CVE-2018-8058 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. | |||||
CVE-2018-8048 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | |||||
CVE-2018-8047 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter). | |||||
CVE-2018-8046 | 1 Sencha | 1 Ext Js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data. | |||||
CVE-2018-8035 | 1 Apache | 1 Uimaducc | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code. | |||||
CVE-2018-8031 | 1 Apache | 1 Tomee | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is setup (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolve in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863. | |||||
CVE-2018-8006 | 1 Apache | 1 Activemq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. | |||||
CVE-2018-7997 | 1 Eramba | 1 Eramba | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript. | |||||
CVE-2018-7996 | 1 Eramba | 1 Eramba | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter. | |||||
CVE-2018-7976 | 1 Huawei | 1 Espace Desktop | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. | |||||
CVE-2018-7894 | 1 Eramba | 1 Eramba | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter (aka the Search Parameter). | |||||
CVE-2018-7893 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. |