Total
36825 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10078 | 1 Vertiv | 1 Watchdog Console | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description. | |||||
| CVE-2018-10076 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard). | |||||
| CVE-2018-10075 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | |||||
| CVE-2018-10073 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. | |||||
| CVE-2018-10068 | 1 Jdownloads | 1 Jdownloads | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The jDownloads extension before 3.2.59 for Joomla! has XSS. | |||||
| CVE-2018-10061 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). | |||||
| CVE-2018-10060 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | |||||
| CVE-2018-10059 | 1 Cacti | 1 Cacti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. | |||||
| CVE-2018-10052 | 1 Iscripts | 1 Supportdesk | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter. | |||||
| CVE-2018-10051 | 1 Iscripts | 1 Supportdesk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter. | |||||
| CVE-2018-10049 | 1 Iscripts | 1 Eswap | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. | |||||
| CVE-2018-10033 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. | |||||
| CVE-2018-10032 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. | |||||
| CVE-2018-10029 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. | |||||
| CVE-2018-10026 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. | |||||
| CVE-2018-10023 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment). | |||||
| CVE-2018-10000 | 1 Videodownloaderultimate | 1 Video Downloader | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event. | |||||
| CVE-2018-1002009 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable. | |||||
| CVE-2018-1002008 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. | |||||
| CVE-2018-1002007 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. | |||||