Total
36875 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18545 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | |||||
CVE-2018-18540 | 1 Teakki | 1 Teakki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. | |||||
CVE-2018-18524 | 1 Evernote | 1 Evernote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote command execution on the victim's computer. | |||||
CVE-2018-18517 | 1 Citrix | 1 Netscaler Gateway Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | |||||
CVE-2018-18478 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. | |||||
CVE-2018-18460 | 1 3cx | 1 Live Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | |||||
CVE-2018-18437 | 1 Axiositalia | 1 Registro Elettronico | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. | |||||
CVE-2018-18433 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI. | |||||
CVE-2018-18431 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI. | |||||
CVE-2018-18430 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI. | |||||
CVE-2018-18419 | 1 Ardawan | 1 User Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | |||||
CVE-2018-18417 | 1 Creativeitem | 1 Ekushey Project Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. | |||||
CVE-2018-18416 | 1 Pokkho | 1 Lango | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. | |||||
CVE-2018-18405 | 1 Jquery | 1 Jquery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be a spam entry. | |||||
CVE-2018-18381 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. | |||||
CVE-2018-18379 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS. | |||||
CVE-2018-18374 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. | |||||
CVE-2018-18373 | 1 Schiocco | 1 Support Board - Chat And Help Desk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action. | |||||
CVE-2018-18372 | 1 Kaasoft | 1 Library Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter. | |||||
CVE-2018-18370 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | |||||