Total
36872 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18308 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area). | |||||
| CVE-2018-18307 | 1 Alchemy-cms | 1 Alchemy Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized." | |||||
| CVE-2018-18296 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. | |||||
| CVE-2018-18291 | 1 Asus | 2 Rt-ac58u, Rt-ac58u Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp. | |||||
| CVE-2018-18290 | 1 Nconsulting | 1 Nc-cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality | |||||
| CVE-2018-18282 | 1 Zeit | 1 Next.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. | |||||
| CVE-2018-18276 | 1 Profiles Project | 1 Profiles | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a new folder in the administrative panel. | |||||
| CVE-2018-18271 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||
| CVE-2018-18270 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||
| CVE-2018-18262 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. | |||||
| CVE-2018-18261 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter. | |||||
| CVE-2018-18260 | 1 Tuzitio | 1 Camaleon Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false. NOTE: the vendor reports that they are "unable to reproduce the reported issue on any version." | |||||
| CVE-2018-18259 | 1 Luya | 1 Luya Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page. | |||||
| CVE-2018-18248 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string. | |||||
| CVE-2018-18247 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. | |||||
| CVE-2018-18245 | 2 Debian, Nagios | 2 Debian Linux, Nagios Core | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. | |||||
| CVE-2018-18244 | 1 Vivotek | 1 Camera | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. | |||||
| CVE-2018-18210 | 1 Dilicms | 1 Dilicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. | |||||
| CVE-2018-18209 | 1 Dilicms | 1 Dilicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. | |||||
| CVE-2018-18208 | 1 Virtualmin | 1 Virtualmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI. | |||||