Total
36817 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10231 | 1 Topdesk | 1 Topdesk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2018-10230 | 1 Zend | 1 Zend Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. | |||||
| CVE-2018-10228 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. | |||||
| CVE-2018-10227 | 1 1234n | 1 Minicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. | |||||
| CVE-2018-10221 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload. | |||||
| CVE-2018-10183 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER['REQUEST_URI'] echo, as demonstrated by the dir parameter in a file=charsets action. | |||||
| CVE-2018-10165 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-10164 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-10141 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-10139 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. | |||||
| CVE-2018-10138 | 1 Catalooksupport | 1 .netstore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter. | |||||
| CVE-2018-10136 | 1 Iscripts | 1 Uberforx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. | |||||
| CVE-2018-10135 | 1 Iscripts | 1 Eswap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. | |||||
| CVE-2018-10128 | 1 Xyhcms Project | 1 Xyhcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php. | |||||
| CVE-2018-10125 | 1 Contao | 1 Contao | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Contao before 4.5.7 has XSS in the system log. | |||||
| CVE-2018-10121 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action. | |||||
| CVE-2018-10118 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. | |||||
| CVE-2018-10110 | 2 D-link, Dlink | 2 Dir-615 T1 Firmware, Dir-615 T1 | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| D-Link DIR-615 T1 devices allow XSS via the Add User feature. | |||||
| CVE-2018-10109 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. | |||||
| CVE-2018-10108 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. | |||||