Vulnerabilities (CVE)

Filtered by CWE-79
Total 36870 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-15875 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
CVE-2018-15874 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
CVE-2018-15847 1 Puppycms 1 Puppycms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field.
CVE-2018-15843 1 Get-simple 1 Getsimple Cms 2024-11-21 3.5 LOW 4.8 MEDIUM
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
CVE-2018-15842 1 Wolfcms 1 Wolf Cms 2024-11-21 3.5 LOW 4.8 MEDIUM
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter.
CVE-2018-15820 1 Easyio 2 Easyio 30p, Easyio 30p Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter.
CVE-2018-15740 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
CVE-2018-15714 1 Nagios 1 Nagios Xi 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
CVE-2018-15713 1 Nagios 1 Nagios Xi 2024-11-21 3.5 LOW 5.4 MEDIUM
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
CVE-2018-15712 1 Nagios 1 Nagios Xi 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
CVE-2018-15707 1 Advantech 1 Webaccess 2024-11-21 3.5 LOW 5.4 MEDIUM
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
CVE-2018-15703 1 Advantech 1 Webaccess 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
CVE-2018-15699 1 Asustor 1 Data Master 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.
CVE-2018-15679 1 Btiteam 1 Xbtit 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.
CVE-2018-15678 1 Btiteam 1 Xbtit 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.
CVE-2018-15677 1 Btiteam 1 Xbtit 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.
CVE-2018-15676 1 Btiteam 1 Xbtit 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints.
CVE-2018-15641 1 Odoo 1 Odoo 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes.
CVE-2018-15638 1 Odoo 1 Odoo 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names.
CVE-2018-15635 1 Odoo 1 Odoo 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name.