Total
36812 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7277 | 1 Rletech | 4 Fds-wi, Fds-wi Firmware, Wi-mgr and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP. | |||||
| CVE-2018-7274 | 1 Quarx Cms Project | 1 Quarx Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). | |||||
| CVE-2018-7265 | 1 Shimmie2 Project | 1 Shimmie2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS. | |||||
| CVE-2018-7261 | 1 Radiantcms | 1 Radiant Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields). | |||||
| CVE-2018-7260 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2018-7205 | 1 Kentico | 1 Kentico Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout | |||||
| CVE-2018-7203 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. | |||||
| CVE-2018-7202 | 1 Projectsend | 1 Projectsend | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. | |||||
| CVE-2018-7198 | 1 Octobercms | 1 October | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. | |||||
| CVE-2018-7197 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. | |||||
| CVE-2018-7196 | 1 Osticket | 1 Osticket | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. | |||||
| CVE-2018-7193 | 1 Osticket | 1 Osticket | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | |||||
| CVE-2018-7192 | 1 Osticket | 1 Osticket | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | |||||
| CVE-2018-7188 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. | |||||
| CVE-2018-7117 | 1 Hp | 20 Integrated Lights-out 5 Firmware, Proliant Bl460c Gen10, Proliant Dl120 Gen10 and 17 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40. | |||||
| CVE-2018-7090 | 1 Hp | 1 Xp 9000 Command View | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. | |||||
| CVE-2018-7075 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. | |||||
| CVE-2018-7064 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 | |||||
| CVE-2018-7057 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter. | |||||
| CVE-2018-7049 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request. | |||||