Vulnerabilities (CVE)

Filtered by CWE-79
Total 36955 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7859 1 Dlink 16 Dgs-1510-20, Dgs-1510-20 Firmware, Dgs-1510-28 and 13 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit.
CVE-2018-7834 1 Schneider-electric 2 Tsxetg100, Tsxetg100 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user.
CVE-2018-7831 1 Schneider-electric 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more 2024-11-21 4.3 MEDIUM 8.8 HIGH
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.
CVE-2018-7827 1 Schneider-electric 118 D6220, D6220 Firmware, D6220l and 115 more 2024-11-21 3.5 LOW 5.4 MEDIUM
A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session.
CVE-2018-7810 1 Schneider-electric 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.
CVE-2018-7795 1 Schneider-electric 2 Powerlogic Pm5560, Powerlogic Pm5560 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.
CVE-2018-7786 1 Schneider-electric 1 U.motion Builder 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.
CVE-2018-7747 1 Calderalabs 1 Caldera Forms 2024-11-21 3.5 LOW 4.8 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
CVE-2018-7746 1 Cobub 1 Razor 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.
CVE-2018-7741 1 Eramba 1 Eramba 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI.
CVE-2018-7736 1 Zblogcn 1 Z-blogphp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability
CVE-2018-7724 1 Piwigo 1 Piwigo 2024-11-21 3.5 LOW 5.4 MEDIUM
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request. CSRF exploitation, related to CVE-2017-10681, may be possible.
CVE-2018-7723 1 Piwigo 1 Piwigo 2024-11-21 3.5 LOW 5.4 MEDIUM
The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible.
CVE-2018-7722 1 Piwigo 1 Piwigo 2024-11-21 3.5 LOW 5.4 MEDIUM
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible.
CVE-2018-7721 1 Metinfo 1 Metinfo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data.
CVE-2018-7717 1 Kubik-rubik 1 Simple Image Gallery Extended 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended (SIGE) extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1.
CVE-2018-7707 1 Securenvoy 1 Securmail 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message.
CVE-2018-7703 1 Securenvoy 1 Securmail 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.
CVE-2018-7681 1 Microfocus 1 Solutions Business Manager 2024-11-21 3.5 LOW 4.8 MEDIUM
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
CVE-2018-7680 1 Microfocus 1 Solutions Business Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.