Total
36788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17533 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. | |||||
| CVE-2018-17443 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. | |||||
| CVE-2018-17441 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | |||||
| CVE-2018-17423 | 1 E107 | 1 E107 | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php. | |||||
| CVE-2018-17421 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. | |||||
| CVE-2018-17413 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. | |||||
| CVE-2018-17369 | 1 Springboot Authority Project | 1 Springboot Authority | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter. | |||||
| CVE-2018-17361 | 1 Weaselcms Project | 1 Weaselcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled. | |||||
| CVE-2018-17337 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. | |||||
| CVE-2018-17322 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter. | |||||
| CVE-2018-17321 | 1 Seacms | 1 Seacms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. | |||||
| CVE-2018-17320 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action. | |||||
| CVE-2018-17316 | 1 Ricoh | 2 Mp C6003, Mp C6003 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17315 | 1 Ricoh | 2 Mp C2003, Mp C2003sp Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17314 | 1 Ricoh | 2 Mp 305\+, Mp 305\+ Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17313 | 1 Ricoh | 2 Mp C307, Mp C307 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17312 | 1 Ricoh | 2 Aficio Mp 301spf, Aficio Mp 301spf Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17311 | 1 Ricoh | 2 Mp C6503, Mp C6503 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17310 | 1 Ricoh | 2 Mp C1803 Jpn, Mp C1803 Jpn Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17309 | 1 Ricoh | 2 Mp C406z, Mp C406zspf Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||