Total
36793 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1999021 | 1 Gleeztech | 1 Gleezcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to the attacker's profile page. | |||||
| CVE-2018-1999016 | 1 Pydio | 1 Pydio | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. This attack appear to be exploitable via the victim openning a specially crafted URL. This vulnerability appears to have been fixed in version 8.2.1. | |||||
| CVE-2018-1999008 | 1 Octobercms | 1 October | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable via an Authenticated user with media module permission who can create arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437. | |||||
| CVE-2018-1999007 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled. | |||||
| CVE-2018-1999005 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
| CVE-2018-18997 | 1 Abb | 4 Gate-e1, Gate-e1 Firmware, Gate-e2 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor browser. | |||||
| CVE-2018-18991 | 1 Spidercontrol | 1 Scada Webserver | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser. | |||||
| CVE-2018-18985 | 1 Tridium | 3 Niagara, Niagara Ax Framework, Niagara Enterprise Security | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality. | |||||
| CVE-2018-18952 | 1 Jeecms | 1 Jeecms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. | |||||
| CVE-2018-18943 | 1 Basercms | 1 Basercms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. | |||||
| CVE-2018-18940 | 1 Netscape | 1 Enterprise Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. | |||||
| CVE-2018-18939 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | |||||
| CVE-2018-18927 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | |||||
| CVE-2018-18919 | 1 Iiong | 1 Wp Editor.md | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. | |||||
| CVE-2018-18909 | 1 Xheditor | 1 Xheditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. | |||||
| CVE-2018-18886 | 1 Helpy.io | 1 Helpy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Helpy v2.1.0 has Stored XSS via the Ticket title. | |||||
| CVE-2018-18882 | 1 Controlbyweb | 2 X-320m-i, X-320m-i Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. | |||||
| CVE-2018-18880 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. | |||||
| CVE-2018-18875 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. | |||||
| CVE-2018-18872 | 1 Kieranoshea | 1 Calendar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI. | |||||