Total
36948 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6588 | 1 Ca | 1 Api Developer Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | |||||
| CVE-2018-6587 | 1 Ca | 1 Api Developer Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | |||||
| CVE-2018-6586 | 1 Ca | 1 Api Developer Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. | |||||
| CVE-2018-6561 | 1 Dojotoolkit | 1 Dojo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. | |||||
| CVE-2018-6550 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. | |||||
| CVE-2018-6545 | 1 Ipswitch | 1 Moveit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks. | |||||
| CVE-2018-6529 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. | |||||
| CVE-2018-6528 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. | |||||
| CVE-2018-6527 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. | |||||
| CVE-2018-6518 | 1 Compo | 1 Composr Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. | |||||
| CVE-2018-6511 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. | |||||
| CVE-2018-6510 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6. | |||||
| CVE-2018-6506 | 1 Minibb | 1 Minibb | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field. | |||||
| CVE-2018-6502 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS). | |||||
| CVE-2018-6495 | 1 Microfocus | 3 Cms Server, Universal Cmdb, Universal Cmdb Browser | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | |||||
| CVE-2018-6492 | 1 Hp | 2 Network Automation, Network Operations Management Ultimate | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. | |||||
| CVE-2018-6469 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php. | |||||
| CVE-2018-6468 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php. | |||||
| CVE-2018-6466 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php. | |||||
| CVE-2018-6465 | 1 Wp-property-hive | 1 Propertyhive | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. | |||||