Total: 36812 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-8047 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter). | |||||
CVE-2018-8046 | 1 Sencha | 1 Ext Js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data. | |||||
CVE-2018-8035 | 1 Apache | 1 Uimaducc | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
This vulnerability relates to the user's browser processing of DUCC webpage input data. The JavaScript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user-supplied inputs, which may result in unintended execution of user-supplied JavaScript code. | |||||
CVE-2018-8031 | 1 Apache | 1 Tomee | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Apache TomEE console (tomee-webapp) has an XSS vulnerability which could allow JavaScript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is set up (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolved in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863. | |||||
CVE-2018-8006 | 1 Apache | 1 Activemq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. | |||||
CVE-2018-7997 | 1 Eramba | 1 Eramba | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript. | |||||
CVE-2018-7996 | 1 Eramba | 1 Eramba | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter. | |||||
CVE-2018-7976 | 1 Huawei | 1 Espace Desktop | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop versions V300R001C00 and V300R001C50. Due to insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. | |||||
CVE-2018-7894 | 1 Eramba | 1 Eramba | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter (aka the Search Parameter). | |||||
CVE-2018-7893 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter. | |||||
CVE-2018-7859 | 1 Dlink | 16 Dgs-1510-20, Dgs-1510-20 Firmware, Dgs-1510-28 and 13 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older may allow a remote attacker to inject malicious scripts in the device and execute commands via the browser that is configuring the unit. | |||||
CVE-2018-7834 | 1 Schneider-electric | 2 Tsxetg100, Tsxetg100 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user. | |||||
CVE-2018-7831 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server. | |||||
CVE-2018-7827 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera that allows a remote attacker to execute arbitrary HTML and script code in a user’s browser session. | |||||
CVE-2018-7810 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on. | |||||
CVE-2018-7795 | 1 Schneider-electric | 2 Powerlogic Pm5560, Powerlogic Pm5560 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to a cross-site scripting attack on its web browser. User inputs can be manipulated to cause execution of JavaScript code. | |||||
CVE-2018-7786 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. | |||||
CVE-2018-7747 | 1 Calderalabs | 1 Caldera Forms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form. | |||||
CVE-2018-7746 | 1 Cobub | 1 Razor | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin. | |||||
CVE-2018-7741 | 1 Eramba | 1 Eramba | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI. |