Total
36798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20814 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX. | |||||
| CVE-2018-20808 | 1 Ivanti | 1 Connect Secure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX. | |||||
| CVE-2018-20807 | 1 Ivanti | 1 Connect Secure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly. | |||||
| CVE-2018-20806 | 1 Phamm | 1 Phamm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter). | |||||
| CVE-2018-20791 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action. | |||||
| CVE-2018-20778 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | |||||
| CVE-2018-20777 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | |||||
| CVE-2018-20774 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | |||||
| CVE-2018-20758 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. | |||||
| CVE-2018-20757 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. | |||||
| CVE-2018-20756 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | |||||
| CVE-2018-20755 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | |||||
| CVE-2018-20737 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. | |||||
| CVE-2018-20736 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. | |||||
| CVE-2018-20731 | 1 Nedi | 1 Nedi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php. | |||||
| CVE-2018-20729 | 1 Nedi | 1 Nedi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php. | |||||
| CVE-2018-20726 | 1 Cacti | 1 Cacti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. | |||||
| CVE-2018-20725 | 1 Cacti | 1 Cacti | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. | |||||
| CVE-2018-20724 | 1 Cacti | 1 Cacti | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. | |||||
| CVE-2018-20723 | 1 Cacti | 1 Cacti | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. | |||||