Total
36798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25085 | 1 Drupal | 1 Responsive Menus | 2024-11-21 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755. | |||||
| CVE-2018-25084 | 1 Pingidentity | 1 Self-service Account Manager | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The patch is identified as f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability. | |||||
| CVE-2018-25073 | 1 Ts-ranksystem | 1 Tsn-ranksystem | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The patch is identified as b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability. | |||||
| CVE-2018-25065 | 1 Wikimedia | 1 Mediawiki-extensions-i18ntags | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability. | |||||
| CVE-2018-25064 | 1 Show-me-the-way Project | 1 Show-me-the-way | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217439. | |||||
| CVE-2018-25056 | 1 Yola | 1 Yolapi | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in yolapi. Affected is the function render_description of the file yolapi/pypi/metadata.py. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a0fe129055a99f429133a5c40cb13b44611ff796. It is recommended to apply a patch to fix this issue. VDB-216966 is the identifier assigned to this vulnerability. | |||||
| CVE-2018-25055 | 1 Farcry Solr Pro Project | 1 Farcry Solr Pro | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.6.0 is able to address this issue. The name of the patch is b8f3d61511c9b02b781ec442bfb803cbff8e08d5. It is recommended to upgrade the affected component. The identifier VDB-216961 was assigned to this vulnerability. | |||||
| CVE-2018-25054 | 1 Shredzone | 1 Cilla | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in shred cilla. It has been classified as problematic. Affected is an unknown function of the file cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp of the component Search Handler. The manipulation of the argument details leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is d345e6bc7798bd717a583ec7f545ca387819d5c7. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216960. | |||||
| CVE-2018-25053 | 1 Json2html | 1 Json2html | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 2d3d24d971b19a8ed1fb823596300b9835d55801. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216959. | |||||
| CVE-2018-25052 | 1 Catalyst-plugin-session Project | 1 Catalyst-plugin-session | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. The name of the patch is 88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the affected component. VDB-216958 is the identifier assigned to this vulnerability. | |||||
| CVE-2018-25051 | 1 Pomash Project | 1 Pomash | 2024-11-21 | N/A | 2.4 LOW |
| A vulnerability, which was classified as problematic, was found in JmPotato Pomash. This affects an unknown part of the file Pomash/theme/clean/templates/editor.html. The manipulation of the argument article.title/content.title/article.tag leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be1914ef0a6808e00f51618b2de92496a3604415. It is recommended to apply a patch to fix this issue. The identifier VDB-216957 was assigned to this vulnerability. | |||||
| CVE-2018-25050 | 1 Getharvest | 1 Chosen | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in Harvest Chosen up to 1.8.6. Affected by this issue is the function AbstractChosen of the file coffee/lib/abstract-chosen.coffee. The manipulation of the argument group_label leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.7 is able to address this issue. The name of the patch is 77fd031d541e77510268d1041ed37798fdd1017e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216956. | |||||
| CVE-2018-25047 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | N/A | 5.4 MEDIUM |
| In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user. | |||||
| CVE-2018-25045 | 1 Django-rest-framework | 1 Django Rest Framework | 2024-11-21 | N/A | 6.1 MEDIUM |
| Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping. | |||||
| CVE-2018-25039 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25038 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25037 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/RgDdns. The manipulation of the argument DdnsHostName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25036 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25035 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-21209 | 1 Netgear | 20 Jnr1010, Jnr1010 Firmware, Jr6150 and 17 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. | |||||