Total
36824 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10164 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-10141 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-10139 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. | |||||
| CVE-2018-10138 | 1 Catalooksupport | 1 .netstore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter. | |||||
| CVE-2018-10136 | 1 Iscripts | 1 Uberforx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. | |||||
| CVE-2018-10135 | 1 Iscripts | 1 Eswap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. | |||||
| CVE-2018-10128 | 1 Xyhcms Project | 1 Xyhcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php. | |||||
| CVE-2018-10125 | 1 Contao | 1 Contao | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Contao before 4.5.7 has XSS in the system log. | |||||
| CVE-2018-10121 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action. | |||||
| CVE-2018-10118 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. | |||||
| CVE-2018-10110 | 2 D-link, Dlink | 2 Dir-615 T1 Firmware, Dir-615 T1 | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| D-Link DIR-615 T1 devices allow XSS via the Add User feature. | |||||
| CVE-2018-10109 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. | |||||
| CVE-2018-10108 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. | |||||
| CVE-2018-10107 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php. | |||||
| CVE-2018-10102 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. | |||||
| CVE-2018-10097 | 1 Smartscriptsolutions | 1 Domain Trader | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter. | |||||
| CVE-2018-10096 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request. | |||||
| CVE-2018-10095 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | |||||
| CVE-2018-10091 | 1 Audiocodes | 2 420hd Ip Phone, 420hd Ip Phone Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS. | |||||
| CVE-2018-10078 | 1 Vertiv | 1 Watchdog Console | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description. | |||||