Vulnerabilities (CVE)

Filtered by CWE-79
Total 36955 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7678 1 Netiq 1 Access Manager 2024-11-21 3.5 LOW 3.5 LOW
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
CVE-2018-7663 1 Voten 1 Voten 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An unescaped template literal in the bio field of a user profile (resources/views/layouts/app.blade.php) allows for server-side template injection of arbitrary JavaScript.
CVE-2018-7660 1 Opentext 1 Documentum D2 2024-11-21 3.5 LOW 5.4 MEDIUM
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter.
CVE-2018-7659 1 Opentext 1 Documentum D2 2024-11-21 3.5 LOW 5.4 MEDIUM
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file.
CVE-2018-7653 1 Yzmcms 1 Yzmcms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
CVE-2018-7652 1 Zonemaster 1 Zonemaster Web Gui 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS.
CVE-2018-7650 1 Hot Scripts Clone Project 1 Hot Scripts Clone 2024-11-21 3.5 LOW 4.8 MEDIUM
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878.
CVE-2018-7649 1 Fibranet 1 Monitorix 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Monitorix before 3.10.1 allows XSS via CGI variables.
CVE-2018-7636 1 Paloaltonetworks 1 Pan-os 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs.
CVE-2018-7603 1 Search Autocomplete Project 1 Search Autocomplete 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website (nodes, comments, etc.). The module doesn't sufficiently filter user-entered text among the autocompletion items leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability can be exploited by any user allowed to create one of the autocompletion item, for instance, nodes, users, comments.
CVE-2018-7564 1 Polycom 2 Qdx 6000, Qdx 6000 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Stored XSS exists on Polycom QDX 6000 devices.
CVE-2018-7563 1 Glpi-project 1 Glpi 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
CVE-2018-7547 1 Lingyun 1 Lyadmin 2024-11-21 3.5 LOW 4.8 MEDIUM
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI.
CVE-2018-7543 1 Snapcreek 1 Duplicator 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
CVE-2018-7512 1 Geutebrueck 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution.
CVE-2018-7508 1 Osisoft 2 Pi Vision, Pi Web Api 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized.
CVE-2018-7504 1 Osisoft 1 Pi Vision 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting.
CVE-2018-7476 1 Finecms 1 Finecms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character.
CVE-2018-7475 1 Icewarp 1 Mail Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML.
CVE-2018-7469 1 Entrepreneur Job Portal Script Project 1 Entrepreneur Job Portal Script 2024-11-21 3.5 LOW 4.8 MEDIUM
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type).