Total
36811 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6958 | 1 Vmware | 1 Vrealize Automation | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. | |||||
| CVE-2018-6944 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2018-6943 | 1 Ultimatemember | 1 Ultimatemember | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | |||||
| CVE-2018-6940 | 1 Nat32 | 1 Nat32 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF. | |||||
| CVE-2018-6936 | 2 D-link, Dlink | 2 Dir-600m C1 Firmware, Dir-600m C1 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. | |||||
| CVE-2018-6935 | 1 Student Profile Management System Script Project | 1 Student Profile Management System Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php. | |||||
| CVE-2018-6906 | 1 Rainmachine | 1 Rainmachine Web Application | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. | |||||
| CVE-2018-6905 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. | |||||
| CVE-2018-6904 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. | |||||
| CVE-2018-6902 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action. | |||||
| CVE-2018-6900 | 1 Website Broker Script Project | 1 Website Broker Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page. | |||||
| CVE-2018-6891 | 1 Booking-wp-plugin | 1 Bookly | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. | |||||
| CVE-2018-6890 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. | |||||
| CVE-2018-6878 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. | |||||
| CVE-2018-6870 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. | |||||
| CVE-2018-6868 | 1 Groupon Clone Script Project | 1 Groupon Clone Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. | |||||
| CVE-2018-6866 | 1 Learning And Examination Management System Script Project | 1 Learning And Examination Management System Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. | |||||
| CVE-2018-6864 | 1 Multireligion Responsive Matrimonial Project | 1 Multireligion Responsive Matrimonial | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. | |||||
| CVE-2018-6862 | 1 Bitcoin Mlm Project | 1 Bitcoin Mlm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. | |||||
| CVE-2018-6861 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter. | |||||