Total
36955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7678 | 1 Netiq | 1 Access Manager | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. | |||||
| CVE-2018-7663 | 1 Voten | 1 Voten | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An unescaped template literal in the bio field of a user profile (resources/views/layouts/app.blade.php) allows for server-side template injection of arbitrary JavaScript. | |||||
| CVE-2018-7660 | 1 Opentext | 1 Documentum D2 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter. | |||||
| CVE-2018-7659 | 1 Opentext | 1 Documentum D2 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file. | |||||
| CVE-2018-7653 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. | |||||
| CVE-2018-7652 | 1 Zonemaster | 1 Zonemaster Web Gui | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS. | |||||
| CVE-2018-7650 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878. | |||||
| CVE-2018-7649 | 1 Fibranet | 1 Monitorix | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Monitorix before 3.10.1 allows XSS via CGI variables. | |||||
| CVE-2018-7636 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | |||||
| CVE-2018-7603 | 1 Search Autocomplete Project | 1 Search Autocomplete | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments. | |||||
| CVE-2018-7564 | 1 Polycom | 2 Qdx 6000, Qdx 6000 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS exists on Polycom QDX 6000 devices. | |||||
| CVE-2018-7563 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. | |||||
| CVE-2018-7547 | 1 Lingyun | 1 Lyadmin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI. | |||||
| CVE-2018-7543 | 1 Snapcreek | 1 Duplicator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter. | |||||
| CVE-2018-7512 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. | |||||
| CVE-2018-7508 | 1 Osisoft | 2 Pi Vision, Pi Web Api | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. | |||||
| CVE-2018-7504 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting. | |||||
| CVE-2018-7476 | 1 Finecms | 1 Finecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character. | |||||
| CVE-2018-7475 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-7469 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type). | |||||