Total
36805 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5653 | 1 Weblizar | 1 Pinterest-feeds | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter. | |||||
| CVE-2018-5652 | 1 Dark Mode Project | 1 Dark Mode | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter. | |||||
| CVE-2018-5651 | 1 Dark Mode Project | 1 Dark Mode | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter. | |||||
| CVE-2018-5550 | 1 Epson | 1 Airprint | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user. | |||||
| CVE-2018-5521 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. | |||||
| CVE-2018-5479 | 1 Foxsash | 1 Imghosting | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed. | |||||
| CVE-2018-5478 | 1 Contao | 1 Contao | 2024-11-21 | N/A | 6.1 MEDIUM |
| Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension. | |||||
| CVE-2018-5432 | 1 Tibco | 1 Administrator | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
| The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1. | |||||
| CVE-2018-5431 | 1 Tibco | 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
| The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2. | |||||
| CVE-2018-5411 | 1 Pixar | 1 Tractor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert Javascript into this note field that is then saved and displayed to the end user. An attacker might include Javascript that could execute on an authenticated user's system that could lead to website redirects, session cookie hijacking, social engineering, etc. As this is stored with the information about the node, all other authenticated users with access to this data are also vulnerable. | |||||
| CVE-2018-5405 | 1 Quest | 2 Kace Systems Management Appliance, Kace Systems Management Appliance Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks. The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other user. An authenticated user with 'user console only' rights may inject arbitrary JavaScript, which could result in an attacker taking over a session of others, including an Administrator. | |||||
| CVE-2018-5376 | 1 Discuz | 1 Discuzx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. | |||||
| CVE-2018-5375 | 1 Discuz | 1 Discuzx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | |||||
| CVE-2018-5370 | 1 Bizlogicdev | 1 Xnami | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI. | |||||
| CVE-2018-5369 | 1 Srbtranslatin Project | 1 Srbtranslatin | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter. | |||||
| CVE-2018-5367 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php. | |||||
| CVE-2018-5366 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php. | |||||
| CVE-2018-5365 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php. | |||||
| CVE-2018-5364 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php. | |||||
| CVE-2018-5363 | 1 Wpglobus | 1 Wpglobus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php. | |||||