Total
36875 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18668 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter. | |||||
| CVE-2018-18660 | 1 Arcserve | 1 Udp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue. | |||||
| CVE-2018-18643 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS. | |||||
| CVE-2018-18642 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. | |||||
| CVE-2018-18636 | 2 D-link, Dlink | 2 Dsl-2640t Firmware, Dsl-2640t | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter. | |||||
| CVE-2018-18635 | 1 Mailcleaner | 1 Mailcleaner | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | |||||
| CVE-2018-18631 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS. | |||||
| CVE-2018-18625 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | |||||
| CVE-2018-18624 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | |||||
| CVE-2018-18623 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. | |||||
| CVE-2018-18622 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. | |||||
| CVE-2018-18621 | 1 Communigate | 1 Communigate Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension. | |||||
| CVE-2018-18608 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | |||||
| CVE-2018-18579 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | |||||
| CVE-2018-18578 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | |||||
| CVE-2018-18570 | 1 Planonsoftware | 1 Planon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Planon before Live Build 41 has XSS. | |||||
| CVE-2018-18553 | 1 Leanote | 1 Leanote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. | |||||
| CVE-2018-18551 | 1 Serverscheck | 1 Monitoring Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. | |||||
| CVE-2018-18548 | 1 Ajenti | 1 Ajenticp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. | |||||
| CVE-2018-18547 | 1 Vestacp | 1 Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. | |||||